Bug 1159187 (CVE-2019-5062)

Summary: VUL-0: CVE-2019-5062: hostap: denial-of-service vulnerability in the 802.11w security state handling
Product: [openSUSE] openSUSE Distribution Reporter: Johannes Segitz <jsegitz>
Component: SecurityAssignee: Vladimir Botka <vbotka>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: atoptsoglou
Version: Leap 15.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/248991/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2019-12-13 10:22:19 UTC
CVE-2019-5062

An exploitable denial-of-service vulnerability exists in the 802.11w security
state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By
simulating an incomplete new association, an attacker can trigger a
deauthentication against stations using 802.11w, resulting in a denial of
service.

Specific to 2.6, so Leap 15.1 affected 

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5062
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5062.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5062
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850