SB2025021863 - Fedora 40 update for hostapd, wpa_supplicant
Published: February 18, 2025
Security Bulletin ID
SB2025021863
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2023-52424)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to SSID confusion error in the IEEE 802.11 standard. A remote attacker can trick the victim into connecting to unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.
Remediation
Install update from vendor's website.