Mitchell Frank

**Name of the Vulnerable Software and Affected Versions** hostapd version 2.6 **Description** An issue exists in the 802.11w security state handling for connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. **Recommendations** For hostapd version 2.6, consider disabling the 802.11w security feature as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation. Avoid using 802.11w sessions in the affected hostapd version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** hostapd version 2.6 **Description** A denial-of-service issue exists where an attacker could trigger an access point to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial of service scenarios, such as causing CAM table attacks or leading to traffic flapping if faking already existing clients in other nearby access points of the same wireless infrastructure. An attacker can forge `Authentication` and `Association Request` packets to trigger this issue. **Recommendations** For hostapd version 2.6, consider disabling the authentication process temporarily until a patch is available to prevent exploitation. Restrict access to nearby access points to minimize the risk of traffic flapping. Avoid using forged `Authentication` and `Association Request` packets in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.