The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. References: https://w1.fi/security/2022-1/ https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt
Created hostapd tracking bugs for this issue: Affects: fedora-all [bug 2044600] Created wpa_supplicant tracking bugs for this issue: Affects: fedora-all [bug 2044601]