The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. References: https://w1.fi/security/2022-1/ https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt
Created hostapd tracking bugs for this issue: Affects: fedora-all [bug 2044604] Created wpa_supplicant tracking bugs for this issue: Affects: fedora-all [bug 2044603]