hostapd: AP mode PMF disconnection protection bypass (CVE-2019-16275)

hostapd before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

References:

https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
https://www.openwall.com/lists/oss-security/2019/09/12/6

Patch:

https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch

Affected branches:

Edited Sep 17, 2019 by Leonardo Arena

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information