COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-23304

CVE-2022-23304

Severity
critical
Source
NVD · cve
Published
2022-01-17
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-23304

Players implicated

fedoraproject · vendorw1.fi · vendorfedora · producthostapd · productwpa supplicant · product

Description

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.