Bug 1933361 (CVE-2021-27803)
| Summary: | CVE-2021-27803 wpa_supplicant: Use-after-free in P2P provision discovery processing | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bgalvani, blueowl, dcaratti, dcbw, huzaifas, lkundrak, sukulkar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | wpa_supplicant 2.10 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-03-10 23:25:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1933362, 1933568, 1933569, 1933570, 1933571, 1933572, 1933573, 1935548, 2048290 | ||
| Bug Blocks: | 1933363 | ||
|
Description
Pedro Sampaio
2021-02-26 19:43:16 UTC
Created wpa_supplicant tracking bugs for this issue: Affects: fedora-all [bug 1933362] Upstream patch: https://w1.fi/cgit/hostap/commit/src/p2p/p2p_pd.c?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32 External References: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt Statement: An attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a set of suitably constructed management frames that trigger the corner case to be reached in the management of the P2P peer table. Mitigation: Disable the P2P (control interface command "P2P_SET disabled 1" or "p2p_disabled=1" in (each, if multiple interfaces used) wpa_supplicant configuration file) This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0808 https://access.redhat.com/errata/RHSA-2021:0808 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-27803 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0809 https://access.redhat.com/errata/RHSA-2021:0809 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0816 https://access.redhat.com/errata/RHSA-2021:0816 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0818 https://access.redhat.com/errata/RHSA-2021:0818 |