{"id":"CVE-2022-23304","details":"The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.","modified":"2026-03-13T05:28:59.844973Z","published":"2022-01-17T02:15:06.813Z","related":["SUSE-SU-2022:0504-1","SUSE-SU-2022:0716-1","SUSE-SU-2022:0716-2","SUSE-SU-2022:1853-1","openSUSE-SU-2022:0716-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-16"},{"type":"FIX","url":"https://w1.fi/security/2022-1/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23304.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.10"}]},{"events":[{"introduced":"0"},{"fixed":"2.10"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}