Lucene search

GoogleOSV:ASB-A-241927115

HistoryFeb 01, 2023 - 12:00 a.m.

Delete SoftAp configuration on network reset

2023-02-0100:00:00

Google

osv.dev

wifi settings

residual data

information disclosure

user interaction

network reset

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CPENameOperatorVersion
platform/packages/modules/wifieq10
platform/packages/modules/wifieq12
platform/packages/modules/wifieq12L
platform/packages/modules/wifieq13
platform/packages/modules/wifieq11

Name	Operator	Version
platform/packages/modules/wifi	eq	10
platform/packages/modules/wifi	eq	12
platform/packages/modules/wifi	eq	12L
platform/packages/modules/wifi	eq	13
platform/packages/modules/wifi	eq	11

References

android.googlesource.com/platform/packages/modules/Wifi/+/f87c9f414c9db99ddc3e677d5871ad763566c97e

source.android.com/security/bulletin/2023-02-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-241927115