CVE-2022-23304
published 2022-01-17CVE-2022-23304: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access…
PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.90%
77.1th percentile
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2:2.10-1 (bookworm) | wpa 2:2.10-1 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | cbl2_wpa_supplicant_2.10-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_wpa_supplicant_2.10-1_on_cbl_mariner_1.0 | — | — |
| w1.fi | hostapd | < 2.10 | 2.10 |
| w1.fi | wpa_supplicant | < 2.10 | 2.10 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.9.0-21+deb11u3 | 2:2.9.0-21+deb11u3 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.10-1 | 2:2.10-1 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.10-1 | 2:2.10-1 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.10-1 | 2:2.10-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_msrc9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian3.7LOW
vendor_redhat3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
wpa_supplicant and hostapd vulnerabilities
vendor_ubuntu·2025-03-03·CVSS 9.8
CVE-2022-23303 [CRITICAL] wpa_supplicant and hostapd vulnerabilities
Title: wpa_supplicant and hostapd vulnerabilities
Summary: wpa_supplicant and hostapd could be made to expose sensitive information
over the network.
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that
wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.
An attacker could possibly use this issue to impersonate a wireless access
point, and obtain sensitive information. (CVE-2022-37660)
Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered
that wpa_supplicant and hostapd were vulnerable to side channel attacks due
to the cache access patterns. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-23303, CVE-2022-23304)
Instructions: In general, a standard s
Red Hat
wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns
vendor_redhat·2022-01-17·CVSS 3.7
CVE-2022-23304 [LOW] CWE-924 wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns
wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity.
Statement: Red Hat believes this vulnerability to be of moderate impact because one of the requisites for exploitation is the ability to run unprivileged code on the victim's machine; furthermore, the complexity of this attac
Microsoft
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an
vendor_msrc·2022-01-11·CVSS 9.8
CVE-2022-23304 [LOW] CWE-203 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products
Debian
CVE-2022-23304: wpa - The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before ...
vendor_debian·2022·CVSS 3.7
CVE-2022-23304 [LOW] CVE-2022-23304: wpa - The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before ...
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Scope: local
bookworm: resolved (fixed in 2:2.10-1)
bullseye: resolved (fixed in 2:2.9.0-21+deb11u3)
forky: resolved (fixed in 2:2.10-1)
sid: resolved (fixed in 2:2.10-1)
trixie: resolved (fixed in 2:2.10-1)
VulDB
wpa_supplicant/hostapd up to 2.9 EAP-pwd information exposure (EUVD-2022-28389 / Nessus ID 218383)
vuldb·2026-04-30·CVSS 9.8
CVE-2022-23304 [CRITICAL] wpa_supplicant/hostapd up to 2.9 EAP-pwd information exposure (EUVD-2022-28389 / Nessus ID 218383)
A vulnerability classified as problematic was found in wpa_supplicant and hostapd up to 2.9. Affected is an unknown function of the component EAP-pwd. The manipulation results in information exposure through discrepancy.
This vulnerability is identified as CVE-2022-23304. The attack can only be performed from the local network. There is not any exploit available.
Upgrading the affected component is advised.
OSV
wpa vulnerabilities
osv·2025-03-03·CVSS 9.8
CVE-2022-37660 [CRITICAL] wpa vulnerabilities
wpa vulnerabilities
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that
wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.
An attacker could possibly use this issue to impersonate a wireless access
point, and obtain sensitive information. (CVE-2022-37660)
Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered
that wpa_supplicant and hostapd were vulnerable to side channel attacks due
to the cache access patterns. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-23303, CVE-2022-23304)
GHSA
GHSA-fwqr-qx2m-vqxq: The implementations of EAP-pwd in hostapd before 2
ghsa_unreviewed·2022-02-15·CVSS 3.7
CVE-2022-23304 [LOW] CWE-203 GHSA-fwqr-qx2m-vqxq: The implementations of EAP-pwd in hostapd before 2
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
OSV
CVE-2022-23304: The implementations of EAP-pwd in hostapd before 2
osv·2022-01-17·CVSS 3.7
CVE-2022-23304 [LOW] CVE-2022-23304: The implementations of EAP-pwd in hostapd before 2
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/https://security.gentoo.org/glsa/202309-16https://w1.fi/security/2022-1/https://lists.debian.org/debian-lts-announce/2025/04/msg00019.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/https://security.gentoo.org/glsa/202309-16https://w1.fi/security/2022-1/
2022-01-17
Published