hostapd before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

References:

• https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
• https://www.openwall.com/lists/oss-security/2019/09/12/6

Patch:

https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch

Affected branches:

• master
• 3.10-stable
• 3.9-stable
• 3.8-stable
• 3.7-stable