Vulnerability in wpa_supplicant that may allow remote code execution

A vulnerability (CVE-2021-27803) has been identified in the wpa_supplicant package, used to connect to wireless networks in many Linux, *BSD and Android distributions, which could potentially be exploited to execute attacker-supplied code when processing specially crafted Wi-Fi Direct (Wi-Fi P2P) control frames. To carry out an attack, the attacker must be within range of the wireless network in order to send a specially crafted set of frames to the victim.

The problem is caused by a bug in the Wi-Fi P2P handler: processing a malformed PDR (Provision Discovery Request) frame can lead to a condition in which the record for the old P2P peer is deleted and information is then written to the already freed memory block (a use-after-free). The issue affects wpa_supplicant releases 1.0 through 2.9 compiled with the CONFIG_P2P option.

The vulnerability will be fixed in the wpa_supplicant 2.10 release. Among distributions, a hotfix update has been published for Fedora Linux. The status of updates for other distributions can be tracked on these pages: Debian, Ubuntu, RHEL, SUSE, Arch Linux. As a workaround that blocks the vulnerability, it is enough to disable P2P support by specifying “p2p_disabled=1” in the configuration or running the “P2P_SET disabled 1” command in the CLI.
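The workaround above can be audited and applied repeatably across hosts. The script below is an added example (not from the article or the hostap project); it assumes the usual "wpa_supplicant vX.Y" banner printed by `wpa_supplicant -v`, takes the configuration file path from the caller, and treats the last uncommented `p2p_disabled=` line as the effective value.

```shell
#!/bin/sh
# Added example for the CVE-2021-27803 workaround (not the project's own code).

# wpa_version_affected BANNER -> exit 0 if the version is in the affected
# range stated in the advisory (1.0 through 2.9), 1 if not, 2 if unrecognised.
# BANNER is the first line of `wpa_supplicant -v`, e.g. "wpa_supplicant v2.9".
wpa_version_affected() {
    ver=$(printf '%s\n' "$1" | head -n 1 |
          sed -n 's/^wpa_supplicant v\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}; minor=${ver#* }
    if [ "$major" -eq 1 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 9 ]; }; then
        return 0
    fi
    return 1
}

# p2p_disabled_in_conf FILE -> exit 0 if the effective (last uncommented)
# p2p_disabled setting is 1, otherwise 1. Leading whitespace and spaces
# around '=' are tolerated; "# p2p_disabled=1" is a comment and ignored.
p2p_disabled_in_conf() {
    last=$(sed -n 's/^[[:space:]]*p2p_disabled[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' "$1" |
           tail -n 1)
    [ "$last" = "1" ]
}

# ensure_p2p_disabled FILE: append p2p_disabled=1 unless it is already effective.
ensure_p2p_disabled() {
    if p2p_disabled_in_conf "$1"; then
        return 0
    fi
    printf '\n# CVE-2021-27803 workaround: disable Wi-Fi Direct (P2P)\np2p_disabled=1\n' >> "$1"
}

# Demo on a constructed config file so the script runs offline without touching /etc.
demo_conf=$(mktemp)
printf 'ctrl_interface=/run/wpa_supplicant\n# p2p_disabled=1\n' > "$demo_conf"
ensure_p2p_disabled "$demo_conf"
if p2p_disabled_in_conf "$demo_conf"; then
    echo "p2p_disabled=1 is now active in $demo_conf"
fi
rm -f "$demo_conf"
```

A config change only takes effect when wpa_supplicant is restarted; for an already running instance the article's `P2P_SET disabled 1` command applies immediately.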

Source: opennet.ru
