{"id":"CVE-2022-23303","details":"The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.","modified":"2026-03-15T22:45:53.434085Z","published":"2022-01-17T02:15:06.760Z","related":["MGASA-2022-0025","SUSE-SU-2022:0504-1","SUSE-SU-2022:0716-1","SUSE-SU-2022:0716-2","SUSE-SU-2022:1853-1","openSUSE-SU-2022:0716-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-16"},{"type":"FIX","url":"https://w1.fi/security/2022-1/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.10"}]},{"events":[{"introduced":"0"},{"fixed":"2.10"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23303.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}