osv | Google | OSV:ASB-A-275340417
History: Jul 01, 2023 - 12:00 a.m.

Some fields of the android.net.wifi.hotspot2.pps.Policy class are not validated correctly, which can lead to a fatal system crash during deserialization at OS boot

2023-07-01 00:00:00
Google
osv.dev
11
android
wi-fi
policy class
validation issue
system crash
deserialization
boot loop
resource exhaustion
local dos
no user interaction
software

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 5.1%

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
