Denial of Service Vulnerability in WPA Supplicant by The Linux Foundation
CVE-2021-27803

7.5HIGH

Key Information:

Vendor

W1.fi

Status
WPa Supplicant
Vendor
CVE Published:
26 February 2021

What is CVE-2021-27803?

A vulnerability was found in how WPA Supplicant handles P2P provision discovery requests, potentially leading to denial of service or the execution of arbitrary code. An attacker within radio range could exploit this issue by sending specially crafted requests, impacting the stability and security of the system. Users and administrators are urged to apply patches provided by The Linux Foundation to mitigate this risk.

References

https://www.openwall.com/lists/oss-security/2021/02/25/3
x_refsource_MISC
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provisio...
x_refsource_MISC
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.