MGASA-2019-0229
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 31 Aug 2019, 13:22
Last modified:16 Apr 2026, 04:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
31 Aug 2019, 13:22
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated
Description
Updated wpa_supplicant and hostapd packages fix security vulnerability A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password based on observable timing differences and cache access patterns. This might result in full password recovery when combined with an offline dictionary attack and if the password is not strong enough to protect against dictionary attacks.
Affected Systems
- mageia•hostapd
< 2.9-1.mga7
- mageia•wpa_supplicant
< 2.9-1.1.mga7