The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "hostapd-dbgsym": "2:2.10-6ubuntu2", "wpagui-dbgsym": "2:2.10-6ubuntu2", "libwpa-client-dev": "2:2.10-6ubuntu2", "hostapd": "2:2.10-6ubuntu2", "eapoltest-dbgsym": "2:2.10-6ubuntu2", "wpasupplicant": "2:2.10-6ubuntu2", "wpagui": "2:2.10-6ubuntu2", "eapoltest": "2:2.10-6ubuntu2", "wpasupplicant-dbgsym": "2:2.10-6ubuntu2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "hostapd-dbgsym": "2:2.10-21", "wpagui-dbgsym": "2:2.10-21", "libwpa-client-dev": "2:2.10-21", "hostapd": "2:2.10-21", "eapoltest-dbgsym": "2:2.10-21", "wpasupplicant": "2:2.10-21", "wpagui": "2:2.10-21", "eapoltest": "2:2.10-21", "wpasupplicant-dbgsym": "2:2.10-21" } ] }