Lucene search

GoogleOSV:ASB-A-169762606

HistoryDec 01, 2022 - 12:00 a.m.

[Continual Calling to addAccountExplicitly Causes Permanent DoS to Android System]

2022-12-0100:00:00

Google

osv.dev

resource exhaustion

denial of service

local exploitation

accountsdb

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq10
platform/frameworks/baseeq12L
platform/frameworks/baseeq12
platform/frameworks/baseeq13
platform/frameworks/baseeq11

Name	Operator	Version
platform/frameworks/base	eq	10
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	12
platform/frameworks/base	eq	13
platform/frameworks/base	eq	11

References

android.googlesource.com/platform/frameworks/base/+/cf62c760d4c002f562ddd5f372abe5bccda8a6ad

source.android.com/security/bulletin/2022-12-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-169762606