]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 8eb4fdd) | patch
wpa-supplicant: fix CVE-2022-23303-4
authorSteve Sakoman <steve@sakoman.com>
Wed, 9 Feb 2022 14:27:25 +0000 (04:27 -1000)
committerSteve Sakoman <steve@sakoman.com>
Wed, 9 Feb 2022 14:45:36 +0000 (04:45 -1000)
commit13ae7a3f4bbe7abafae3136190cf43d226271413
tree25ce6eecc36fb7c1ac96070af581aa66a6268c91tree | snapshot
parent8eb4fdd19fe4b275c26c49120b364cd24ec151d5commit | diff
wpa-supplicant: fix CVE-2022-23303-4

The implementations of SAE in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side channel attacks as a result
of cache access patterns. NOTE: this issue exists because of an
incomplete fix for CVE-2019-9494.

Backport patches from:
https://w1.fi/security/2022-1/

CVE: CVE-2022-23303 CVE-2022-23304

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch [new file with mode: 0644] blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb diff | blob | history
Mirror of the official openembedded-core repository