CVE-2022-37660
Published: 2025-02-11
Priority: P3 · 36 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.34% (25.7th percentile)
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi, and subtracting it from the captured message M (X = M - Qi). This yields the public ephemeral key X, the only element required to subvert the PKEX association.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2:2.10-12+deb12u3 (bookworm) | wpa 2:2.10-12+deb12u3 (bookworm) |
| w1.fi | hostapd | <= 2.10 | — |
CVSS provenance
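| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| osv | 9.8 | CRITICAL | — |
| vendor_ubuntu | 9.8 | CRITICAL | — |
| vendor_debian | 6.5 | MEDIUM | — |
| vendor_redhat | 6.5 | MEDIUM | — |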
Ubuntu
wpa_supplicant and hostapd vulnerabilities
vendor_ubuntu·2025-03-03·CVSS 9.8
CVE-2022-23303 [CRITICAL] wpa_supplicant and hostapd vulnerabilities
Title: wpa_supplicant and hostapd vulnerabilities
Summary: wpa_supplicant and hostapd could be made to expose sensitive information
over the network.
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that
wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.
An attacker could possibly use this issue to impersonate a wireless access
point, and obtain sensitive information. (CVE-2022-37660)
Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered
that wpa_supplicant and hostapd were vulnerable to side channel attacks due
to the cache access patterns. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-23303, CVE-2022-23304)
Instructions: In general, a standard s
Red Hat
hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd
vendor_redhat·2025-02-11·CVSS 6.5
CVE-2022-37660 [MEDIUM] CWE-294 hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd
A flaw was found in hostapd. This vulnerability allows an attacker to subvert future PKEX associations via passive observation and reuse of public key exchange elements.
Statement: This vulnerability marked as important severity rather than mode
Debian
CVE-2022-37660: wpa - In hostapd 2.10 and earlier, the PKEX code remains active even after a successfu...
vendor_debian·2022·CVSS 6.5
CVE-2022-37660 [MEDIUM] CVE-2022-37660: wpa - In hostapd 2.10 and earlier, the PKEX code remains active even after a successfu...
Scope: local
bookworm: resolved (fixed in 2:2.10-12+deb12u3)
bullseye: resolved (fixed in 2:2.9.0-21+deb11u3)
forky: resolved (fixed in 2:2.10-24)
sid: resolved (fixed in 2:2.10-24)
trixie: resolved (fixed in 2:2.10-24)
OSV
wpa vulnerabilities
osv·2025-03-03·CVSS 9.8
CVE-2022-37660 [CRITICAL] wpa vulnerabilities
GHSA
GHSA-hmq6-3hm7-3h78: In hostapd 2
ghsa_unreviewed·2025-02-12
CVE-2022-37660 [MEDIUM] CWE-323 GHSA-hmq6-3hm7-3h78: In hostapd 2
OSV
CVE-2022-37660: In hostapd 2
osv·2025-02-11·CVSS 6.5
CVE-2022-37660 [MEDIUM] CVE-2022-37660: In hostapd 2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.