wpa_supplicant: AP mode PMF disconnection protection bypass (CVE-2019-16275)
Wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
References:
- https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
- https://www.openwall.com/lists/oss-security/2019/09/12/6
Patch:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
Affected branches:
-
master -
3.10-stable -
3.9-stable -
3.8-stable -
3.7-stable