MNBSD-2023-16: Wi-Fi encryption bypass

Severity: Unknown

Affected Package: net80211

Summary: Wi-Fi encryption bypass

Description

The net80211 subsystem would fallback to the multicast key for unicast traffic in the event the unicast key was removed. This would result in buffered unicast traffic being exposed to any stations with access to the multicast key.

Affected Versions

net80211

Specific versions:

3.0.0
3.0.1
3.0.2
3.1.0

Recommendations

No workaround is available. Systems not using Wi-Fi are not affected.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-47522
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc

Additional Information

Aliases: FreeBSD-SA-23:11.wifi, CVE-2022-47522

Published: December 28, 2023
Last Modified: March 24, 2025