CVE-2022-23304 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, w1-fi, fedoraproject, CWE-203, critical

Summary

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Vulnerable Configurations

Part         Description    Count
Application  W1.Fi          126
OS           Fedoraproject  1

Common Weakness Enumeration (CWE)