GoogleOSV:ASB-A-242537431Permanent denial of service via NotificationManager#addAutomaticZenRule
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/platform/frameworks/base/+/22f33c562a6413bdfd298c0b332ff88e5895cd54
android.googlesource.com/platform/frameworks/base/+/b1ad676f42a73c1891a4aff2ed061282e8269844
android.googlesource.com/platform/frameworks/base/+/b6d04416628ab29df57efcd738332912d9260cea
android.googlesource.com/platform/frameworks/base/+/e0bf51a8b5ae6540a5acf53de1e942b807ca1c18
android.googlesource.com/platform/frameworks/base/+/e5e51116fb767162966a8e0d23fafb4f0ff46e86
source.android.com/security/bulletin/2023-02-01
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%