K 10
svn:author
V 2
cy
K 8
svn:date
V 27
2021-03-17T02:32:50.198424Z
K 7
svn:log
V 1228
security/wpa_supplicant: fix for P2P provision vulnerability

Latest version available from: https://w1.fi/security/2021-1/

Vulnerability

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

Vulnerable versions/configurations

wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled

An attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a set of suitably
constructed management frames that trigger the corner case to be reached
in the management of the P2P peer table.

Note: The P2P option is not default.

MFH:		2021Q1
Security:	https://w1.fi/security/2021-1/\
	wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

END