Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2022-37660

[ Impact ]
Low-severity security problem

[ Tests ]
No, but the patch is straightforward

[ Risks ]
Low

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Fix CVE-2022-37660: the PKEX code remains active even after a successful
PKEX association. An attacker that successfully bootstrapped public keys
with another entity using PKEX in the past will be able to subvert a
future bootstrapping by passively observing public keys, reusing the
encrypting element Qi and subtracting it from the captured message M
(X = M - Qi). This yields the public ephemeral key X, the only element
required to subvert the PKEX association.

[ Other info ]
No
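The arithmetic behind "X = M - Qi" above, as an added worked example that is not part of this bug report nor of the hostapd/wpa_supplicant sources. Python is used rather than C because the point is the protocol algebra, not the daemon's API. Assumptions, also marked in the code: the encrypting element Qi is modelled as a hash of the PKEX code and identifier turned into a scalar and multiplied onto a fixed curve point; the real DPP derivation additionally folds in the initiator MAC address and uses a per-curve constant Pi rather than the base point G, both simplified away here. P-256 and SHA-256 are used for concreteness, and every code string and private scalar is a constructed value.

```python
# Added illustration (not hostapd/wpa_supplicant code) of why a PKEX code
# that stays loaded lets a passive observer recover the ephemeral key X.
#
# Model (simplified, assumptions labelled):
#   M  = X + Qi           first PKEX message; X = x*G is the initiator's
#                         ephemeral public key
#   Qi = H(id | code)*Pi  "encrypting element" derived from the shared code.
#                         ASSUMPTION: Pi is replaced by the P-256 base point G
#                         and the initiator MAC address is left out of H().
import hashlib

# NIST P-256 domain parameters (short Weierstrass form, a = -3).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on P-256 (handles doubling and inverses)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def ec_sub(p1, p2):
    return ec_add(p1, ec_neg(p2))


def encrypting_element(code, identifier):
    """Qi = H(identifier | code) * Pi, with Pi := G (assumption, see above)."""
    h = hashlib.sha256(f"{identifier}|{code}".encode()).digest()
    scalar = int.from_bytes(h, "big") % N or 1
    return ec_mul(scalar, G)


def pkex_exchange_request(x_priv, code, identifier):
    """Initiator side: returns (X, M); only M = X + Qi goes over the air."""
    X = ec_mul(x_priv, G)
    M = ec_add(X, encrypting_element(code, identifier))
    return X, M


def recover_ephemeral_key(M, known_code, identifier):
    """Passive observer who learned a code earlier: X' = M - Qi(known_code)."""
    return ec_sub(M, encrypting_element(known_code, identifier))


def demo():
    """Constructed scenario. Returns (leak_with_stale_code, leak_with_fresh_code)."""
    identifier = "lab-ap"
    # Session 1: the attacker bootstraps legitimately with code1 and so knows it.
    code1 = "guest-2022"
    # Session 2 (the bug): the peer still has code1 loaded, never cleared.
    X2, M2 = pkex_exchange_request(0x12345678_9abcdef0_1122, code1, identifier)
    leaked = recover_ephemeral_key(M2, code1, identifier)
    # Session 3 (fixed behaviour): a new code was provisioned explicitly.
    code3 = "fresh-code-after-DPP_PKEX_ADD"
    X3, M3 = pkex_exchange_request(0x0fedcba9_87654321_3344, code3, identifier)
    not_leaked = recover_ephemeral_key(M3, code1, identifier)
    return leaked == X2, not_leaked == X3
```

demo() returns (True, False): while the old code is still loaded, the observer's stale Qi cancels exactly and X falls out of the subtraction; once a fresh code has been provisioned the stale Qi no longer matches and M - Qi is an unrelated point. Freeing the code and identifier as soon as the exchange completes, which is what the two *_pkex_clear_code() helpers in the debdiff do, leaves only the second situation possible without an explicit new DPP_PKEX_ADD.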
diff -Nru wpa-2.10/debian/changelog wpa-2.10/debian/changelog --- wpa-2.10/debian/changelog 2024-08-05 21:07:00.000000000 +0200 +++ wpa-2.10/debian/changelog 2025-04-11 16:29:46.000000000 +0200 @@ -1,3 +1,20 @@ +wpa (2:2.10-12+deb12u3) bookworm; urgency=medium + + * Non-maintainer upload by the LTS Security Team. + * debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code() + and wpas_dpp_pkex_clear_code(), and clear code reusage in + ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c + * Fix CVE-2022-37660: the PKEX code remains active even after + a successful PKEX association. An attacker that successfully + bootstrapped public keys with another entity using PKEX in + the past, will be able to subvert a future bootstrapping by + passively observing public keys, re-using the encrypting + element Qi and subtracting it from the captured message + M (X = M - Qi). This will result in the public ephemeral + key X; the only element required to subvert the PKEX association + + -- Bastien Roucariès <ro...@debian.org> Fri, 11 Apr 2025 16:29:46 +0200 + wpa (2:2.10-12+deb12u2) bookworm-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru wpa-2.10/debian/patches/CVE-2022-37660.patch wpa-2.10/debian/patches/CVE-2022-37660.patch --- wpa-2.10/debian/patches/CVE-2022-37660.patch 1970-01-01 01:00:00.000000000 +0100 +++ wpa-2.10/debian/patches/CVE-2022-37660.patch 2025-04-11 16:29:46.000000000 +0200 
@@ -0,0 +1,117 @@ +From 15af83cf1846870873a011ed4d714732f01cd2e4 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <quic_jo...@quicinc.com> +Date: Tue, 19 Jul 2022 21:23:04 +0300 +Subject: DPP: Delete PKEX code and identifier on success completion of PKEX + +We are not supposed to reuse these without being explicitly requested to +perform PKEX again. There is not a strong use case for being able to +provision an Enrollee multiple times with PKEX, so this should have no +issues on the Enrollee. For a Configurator, there might be some use +cases that would benefit from being able to use the same code with +multiple Enrollee devices, e.g., for guess access with a laptop and a +smart phone. That case will now require a new DPP_PKEX_ADD command on +the Configurator after each completion of the provisioning exchange. + +Signed-off-by: Jouni Malinen <quic_jo...@quicinc.com> + +[hostapd_dpp_pkex_done() in dpp_hostapd.c and wpas_dpp_pkex_done() in +dpp_supplicant.c were introduced in 2.11 --Hlib Korzhynskyy] + +Origin: backport, 15af83cf1846870873a011ed4d714732f01cd2e4 +--- + src/ap/dpp_hostapd.c | 22 +++++++++++++++++++++- + wpa_supplicant/dpp_supplicant.c | 21 ++++++++++++++++++++- + 2 files changed, 41 insertions(+), 2 deletions(-) + +--- a/src/ap/dpp_hostapd.c ++++ b/src/ap/dpp_hostapd.c +@@ -216,6 +216,22 @@ static void hostapd_dpp_auth_resp_retry( + } + + ++static void hostapd_dpp_pkex_clear_code(struct hostapd_data *hapd) ++{ ++ if (!hapd->dpp_pkex_code && !hapd->dpp_pkex_identifier) ++ return; ++ ++ /* Delete PKEX code and identifier on successful completion of ++ * PKEX. We are not supposed to reuse these without being ++ * explicitly requested to perform PKEX again. 
*/ ++ wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier"); ++ os_free(hapd->dpp_pkex_code); ++ hapd->dpp_pkex_code = NULL; ++ os_free(hapd->dpp_pkex_identifier); ++ hapd->dpp_pkex_identifier = NULL; ++} ++ ++ + void hostapd_dpp_tx_status(struct hostapd_data *hapd, const u8 *dst, + const u8 *data, size_t data_len, int ok) + { +@@ -1842,6 +1858,7 @@ hostapd_dpp_rx_pkex_commit_reveal_req(st + wpabuf_head(msg), wpabuf_len(msg)); + wpabuf_free(msg); + ++ hostapd_dpp_pkex_clear_code(hapd); + bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq); + if (!bi) + return; +@@ -1873,6 +1890,7 @@ hostapd_dpp_rx_pkex_commit_reveal_resp(s + return; + } + ++ hostapd_dpp_pkex_clear_code(hapd); + bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq); + if (!bi) + return; +@@ -2215,7 +2233,7 @@ int hostapd_dpp_pkex_remove(struct hosta + return -1; + } + +- if ((id_val != 0 && id_val != 1) || !hapd->dpp_pkex_code) ++ if ((id_val != 0 && id_val != 1)) + return -1; + + /* TODO: Support multiple PKEX entries */ +--- a/wpa_supplicant/dpp_supplicant.c ++++ b/wpa_supplicant/dpp_supplicant.c +@@ -2557,6 +2557,22 @@ static int wpas_dpp_pkex_next_channel(st + } + + ++static void wpas_dpp_pkex_clear_code(struct wpa_supplicant *wpa_s) ++{ ++ if (!wpa_s->dpp_pkex_code && !wpa_s->dpp_pkex_identifier) ++ return; ++ ++ /* Delete PKEX code and identifier on successful completion of ++ * PKEX. We are not supposed to reuse these without being ++ * explicitly requested to perform PKEX again. 
*/ ++ os_free(wpa_s->dpp_pkex_code); ++ wpa_s->dpp_pkex_code = NULL; ++ os_free(wpa_s->dpp_pkex_identifier); ++ wpa_s->dpp_pkex_identifier = NULL; ++ ++} ++ ++ + static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx) + { + struct wpa_supplicant *wpa_s = eloop_ctx; +@@ -2739,6 +2755,7 @@ wpas_dpp_pkex_finish(struct wpa_supplica + { + struct dpp_bootstrap_info *bi; + ++ wpas_dpp_pkex_clear_code(wpa_s); + bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq); + if (!bi) + return NULL; +@@ -3369,7 +3386,7 @@ int wpas_dpp_pkex_remove(struct wpa_supp + return -1; + } + +- if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code) ++ if ((id_val != 0 && id_val != 1)) + return -1; + + /* TODO: Support multiple PKEX entries */ diff -Nru wpa-2.10/debian/patches/series wpa-2.10/debian/patches/series --- wpa-2.10/debian/patches/series 2024-08-05 21:07:00.000000000 +0200 +++ wpa-2.10/debian/patches/series 2025-04-11 16:29:46.000000000 +0200 @@ -12,3 +12,4 @@ wpa_service_netdev.patch 0013-CVE-2023-52160-PEAP-client-Update-Phase-2-authentica.patch CVE-2024-5290-lib_engine_trusted_path.patch +CVE-2022-37660.patch
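Review bot: the changelog entry does not mention the relaxed check in hostapd_dpp_pkex_remove() and wpas_dpp_pkex_remove(), where `|| !hapd->dpp_pkex_code` and `|| !wpa_s->dpp_pkex_code` are dropped; that is a user-visible behaviour change (the remove path no longer returns -1 when no code is configured) and belongs in the first bullet next to the two new clear functions. The second bullet repeats the CVE description verbatim; a one-line reference to CVE-2022-37660 would do.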
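Review bot: the DEP-3 header of CVE-2022-37660.patch records Origin but no Bug or Bug-Debian line; since the file is named after the CVE and the changelog cites it, add a Bug line pointing at the CVE tracker entry so the patch stays self-describing. The bracketed note that hostapd_dpp_pkex_done() and wpas_dpp_pkex_done() only exist in 2.11 is exactly what a reader of the backport needs to understand why the clear calls sit in the rx handlers instead; keep it.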
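Review bot: in hostapd_dpp_rx_pkex_commit_reveal_req() the new hostapd_dpp_pkex_clear_code(hapd) call runs before dpp_pkex_finish() has returned, so the code and identifier are also dropped on the `if (!bi) return;` failure path, although the helper's comment says "on successful completion of PKEX". Clearing on failure is the safer direction (a failed exchange cannot leave a reusable Qi behind), but either say so in the comment or move the call below the `if (!bi)` check if success-only really is the intent.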
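Review bot: the same ordering remark applies to hostapd_dpp_rx_pkex_commit_reveal_resp(): hostapd_dpp_pkex_clear_code(hapd) precedes dpp_pkex_finish() and therefore also fires when it fails. Whichever ordering is chosen, keep the two hostapd call sites identical.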
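Review bot: `if ((id_val != 0 && id_val != 1))` in hostapd_dpp_pkex_remove() keeps a redundant pair of parentheses left over from removing `|| !hapd->dpp_pkex_code`; write `if (id_val != 0 && id_val != 1)`. Dropping the code check is needed now that the code is NULLed on completion, otherwise a pending PKEX instance could not be removed after a finished exchange, but please confirm that the rest of the function (not in the hunk) tolerates hapd->dpp_pkex_code == NULL; the free path is fine since os_free(NULL) is a no-op.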
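Review bot: wpas_dpp_pkex_clear_code() lacks the `wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier");` line that its hostapd twin has, and carries a stray blank line before the closing brace. Add the debug message for symmetry (it is what a user will look for when a later exchange suddenly needs a new DPP_PKEX_ADD) and drop the blank line.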
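Review bot: in wpas_dpp_pkex_finish() the wpas_dpp_pkex_clear_code(wpa_s) call also precedes dpp_pkex_finish(), so the code is cleared on the `if (!bi) return NULL;` path as well; same point as on the hostapd side, and if that is intentional the helper's comment should say so. Having a single chokepoint here is cleaner than the two hostapd call sites.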
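Review bot: wpas_dpp_pkex_remove() has the same redundant double parentheses as hostapd_dpp_pkex_remove(): `if ((id_val != 0 && id_val != 1))` should read `if (id_val != 0 && id_val != 1)`.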