GoogleOSV:ASB-A-266580022Local persistent denial of service when setting PackageManager.GET_SIGNATURES
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529
android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e
android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7
source.android.com/security/bulletin/2023-10-01
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%