105 matches found
CVE-2022-47519
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTROPERCHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frame...
CVE-2022-47518
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management...
CVE-2022-47518
CVE-2022-47518 affects the Linux kernel before 6.0.11, specifically the WILC1000 wireless driver (drivers/net/wireless/microchip/wilc1000/cfg80211.c). The issue is missing validation of the number of channels, which can trigger a heap-based buffer overflow when copying the list of operating chann...
CVE-2022-47518
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management...
PT-2022-6042 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.11 Description: The issue is related to the WILC1000 wireless driver in the Linux kernel, specifically with the missing validation of IEEE80211 P2P ATTR OPER CHANNEL in the cfg80211.c file. This can trigger ...
kernel: ath11k: Fix frames flush failure caused by deadlock
In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11kpci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11kpci 0000:01:00.0: failed to flush mgm...
kernel: ath11k: Fix frames flush failure caused by deadlock
In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11kpci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11kpci 0000:01:00.0: failed to flush mgm...
The vulnerability of the IEEE 802.11w Protected Management Frames (PMFs) in the Cisco IOS XE operating system allows a hacker to disrupt a user’s legitimate connection to a vulnerable device.
The vulnerability of the IEEE 802.11w Protected Management Frames PMFs in the Cisco IOS XE operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to successfully disconnect a user’s connection to a vulnerable device...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...
MGASA-2020-0244 Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...
Cisco Catalyst 9800 Series Wireless Controllers IOS XE Input Validation Error Vulnerability (CNVD-2020-31958)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. An input validation error vulnerability exists in the IEEE 802.11w Protected Management Frames handling of IOS XE Software in Cisco Catalyst 9800 Series Wireless Controllers. An...
CVE-2020-3206
A vulnerability in the handling of IEEE 802.11w Protected Management Frames PMFs of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerabilit...
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...
DEBIAN-CVE-2019-5062
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial...
Cisco Aironet Access Points/Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability
Cisco Aironet APs are a family of access access point products. Cisco Aironet, Catalyst 9100 Access Points APs A resource management error vulnerability exists in the Control and Provisioning of Wireless Access Points CAPWAP protocol implementation, which stems from a failure in CAPWAP message...
Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points APs used by mid-size enterprises in their offices or small warehouses. It also issued a slew of additional patches addressin...
CVE-2019-15264
A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol implementation of Cisco Aironet and Catalyst 9100 Access Points APs could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service DoS...
Debian DSA-4538-1 : wpa - security update
Two vulnerabilities were found in the WPA protocol implementation found in wpasupplication station and hostapd access point. - CVE-2019-13377 A timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password. -...
Ubuntu 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerability (USN-4136-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4136-1 advisory. It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of...
USN-4136-2 wpa, wpasupplicant vulnerability
USN-4136-1 fixed a vulnerability in wpasupplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to...