AP Mode PMF Disconnection Protection Bypass Key Information Published: September 11, 2019 CVE Identifier: CVE-2019-16275 Vulnerability Description Issue: Hostapd and wpa_supplicant in AP mode do not properly validate source addresses in received Management frames, leading to stations being incorrectly disconnected even with PMF enabled. Impact: This is a denial of service vulnerability since PMF is meant to protect against such disconnection attempts. Attack Scenario An attacker within range of the access point can inject a crafted unauthenticated 802.11 frame to disconnect associated stations. Vulnerable Versions/Configurations All hostapd and wpa_supplicant versions with PMF support enabled in AP mode. Mainly affects drivers using mac80211 with user-space MLME/SME. Mitigation Merge the commit to silently ignore frames from unexpected sources and rebuild. Update to wpa_supplicant/hostapd v2.10 or newer when available.