CVE-2019-5062

Publication date 12 December 2019

Last updated 7 July 2026


Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

7.4 · High

Score breakdown

Description

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.

Read the notes from the security team

Status

Package Ubuntu Release Status
wpa 26.04 LTS resolute
Vulnerable, fix deferred
25.10 questing
Vulnerable, fix deferred
25.04 plucky Ignored end of life, was needs-triage
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable, fix deferred
23.10 mantic Ignored end of life, was needs-triage
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Vulnerable, fix deferred
21.10 impish Ignored end of life
21.04 hirsute Ignored end of life
20.10 groovy Ignored end of life
20.04 LTS focal
Vulnerable, fix deferred
19.10 eoan Ignored end of life
19.04 disco Ignored end of life
18.04 LTS bionic
Vulnerable, fix deferred
16.04 LTS xenial
Vulnerable, fix deferred
14.04 LTS trusty
Vulnerable, fix deferred

Notes


mdeslaur

as of 2026-07-07, no details are available about a fix for this issue, marking as deferred

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.4 · High

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H


Access our resources on patching vulnerabilities