{"id":"USN-7317-1","summary":"wpa vulnerabilities","details":"George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that\nwpa_supplicant and hostapd reused encryption elements in the PKEX protocol.\nAn attacker could possibly use this issue to impersonate a wireless access\npoint, and obtain sensitive information. (CVE-2022-37660)\n\nDaniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered\nthat wpa_supplicant and hostapd were vulnerable to side channel attacks due\nto the cache access patterns. An attacker could possibly use this issue to\nobtain sensitive information. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2022-23303, CVE-2022-23304)\n","modified":"2026-02-10T04:47:17Z","published":"2025-03-03T19:42:04Z","related":["UBUNTU-CVE-2022-23303","UBUNTU-CVE-2022-23304","UBUNTU-CVE-2022-37660"],"upstream":["CVE-2022-23303","CVE-2022-23304","CVE-2022-37660","UBUNTU-CVE-2022-23303","UBUNTU-CVE-2022-23304","UBUNTU-CVE-2022-37660"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7317-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23303"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23304"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-37660"}],"affected":[{"package":{"name":"wpa","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/wpa@2:2.9-1ubuntu4.6?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.9-1ubuntu4.6"}]}],"versions":["2:2.9-1ubuntu2","2:2.9-1ubuntu3","2:2.9-1ubuntu4","2:2.9-1ubuntu4.1","2:2.9-1ubuntu4.2","2:2.9-1ubuntu4.3","2:2.9-1ubuntu4.4"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.9-1ubuntu4.6","binary_name":"hostapd"},{"binary_version":"2:2.9-1ubuntu4.6","binary_name":"wpagui"},{"binary_version":"2:2.9-1ubuntu4.6","binary_name":"wpasupplicant"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2022-23303","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-23304","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-37660","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7317-1.json"}},{"package":{"name":"wpa","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/wpa@2:2.10-6ubuntu2.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.10-6ubuntu2.2"}]}],"versions":["2:2.9.0-21build1","2:2.9.0-23","2:2.10-1","2:2.10-2","2:2.10-6","2:2.10-6ubuntu1","2:2.10-6ubuntu2","2:2.10-6ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.10-6ubuntu2.2","binary_name":"eapoltest"},{"binary_version":"2:2.10-6ubuntu2.2","binary_name":"hostapd"},{"binary_version":"2:2.10-6ubuntu2.2","binary_name":"libwpa-client-dev"},{"binary_version":"2:2.10-6ubuntu2.2","binary_name":"wpagui"},{"binary_version":"2:2.10-6ubuntu2.2","binary_name":"wpasupplicant"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2022-37660","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7317-1.json"}},{"package":{"name":"wpa","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/wpa@2:2.10-21ubuntu0.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.10-21ubuntu0.2"}]}],"versions":["2:2.10-15","2:2.10-18","2:2.10-20","2:2.10-21","2:2.10-21build2","2:2.10-21build3","2:2.10-21build4","2:2.10-21ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.10-21ubuntu0.2","binary_name":"eapoltest"},{"binary_version":"2:2.10-21ubuntu0.2","binary_name":"hostapd"},{"binary_version":"2:2.10-21ubuntu0.2","binary_name":"libwpa-client-dev"},{"binary_version":"2:2.10-21ubuntu0.2","binary_name":"wpagui"},{"binary_version":"2:2.10-21ubuntu0.2","binary_name":"wpasupplicant"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2022-37660","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7317-1.json"}}],"schema_version":"1.7.3"}