USN-7317-1
- Source
- https://ubuntu.com/security/notices/USN-7317-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7317-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7317-1
- Related
- Published
- 2025-03-03T19:42:04.358193Z
- Modified
- 2025-03-03T19:42:04.358193Z
- Summary
- wpa vulnerabilities
- Details
-
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpa_supplicant and hostapd reused encryption elements in the PKEX protocol. An attacker could possibly use this issue to impersonate a wireless access point, and obtain sensitive information. (CVE-2022-37660)
Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered that wpa_supplicant and hostapd were vulnerable to side channel attacks due to the cache access patterns. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-23303, CVE-2022-23304)
- References
Affected packages
Ubuntu:20.04:LTS / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa@2:2.9-1ubuntu4.6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.9-1ubuntu4.6
Affected versions
2:2.*
2:2.9-1ubuntu2
2:2.9-1ubuntu3
2:2.9-1ubuntu4
2:2.9-1ubuntu4.1
2:2.9-1ubuntu4.2
2:2.9-1ubuntu4.3
2:2.9-1ubuntu4.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "hostapd-dbgsym"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "wpagui-dbgsym"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "wpasupplicant"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "wpasupplicant-dbgsym"
},
{
"binary_version": "2:2.9-1ubuntu4.6",
"binary_name": "wpasupplicant-udeb"
}
]
}
Ubuntu:22.04:LTS / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa@2:2.10-6ubuntu2.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.10-6ubuntu2.2
Affected versions
2:2.*
2:2.9.0-21build1
2:2.9.0-23
2:2.10-1
2:2.10-2
2:2.10-6
2:2.10-6ubuntu1
2:2.10-6ubuntu2
2:2.10-6ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "eapoltest-dbgsym"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "hostapd-dbgsym"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "libwpa-client-dev"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "wpagui-dbgsym"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "wpasupplicant"
},
{
"binary_version": "2:2.10-6ubuntu2.2",
"binary_name": "wpasupplicant-dbgsym"
}
]
}
Ubuntu:24.10 / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa@2:2.10-22ubuntu0.1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.10-22ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "eapoltest-dbgsym"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "hostapd-dbgsym"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "libwpa-client-dev"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "wpagui-dbgsym"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "wpasupplicant"
},
{
"binary_version": "2:2.10-22ubuntu0.1",
"binary_name": "wpasupplicant-dbgsym"
}
]
}
Ubuntu:24.04:LTS / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa@2:2.10-21ubuntu0.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.10-21ubuntu0.2
Affected versions
2:2.*
2:2.10-15
2:2.10-18
2:2.10-20
2:2.10-21
2:2.10-21build2
2:2.10-21build3
2:2.10-21build4
2:2.10-21ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "eapoltest-dbgsym"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "hostapd-dbgsym"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "libwpa-client-dev"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "wpagui-dbgsym"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "wpasupplicant"
},
{
"binary_version": "2:2.10-21ubuntu0.2",
"binary_name": "wpasupplicant-dbgsym"
}
]
}