Lucene search

GoogleOSV:ASB-A-281061287

HistoryDec 01, 2023 - 12:00 a.m.

PDoS using addDynamicShortcuts to bypass app-level shortcut limits

2023-12-0100:00:00

Google

osv.dev

pdos

adddynamicshortcuts

bypass

app-level

shortcut limits

forcereplaceshortcutinner

shortcutpackage.java

missing bounds check

unlimited packages

local denial of service

boot loop

no additional execution privileges

user interaction

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq14
platform/frameworks/baseeq13
platform/frameworks/baseeq12L
platform/frameworks/baseeq12
platform/frameworks/baseeq11

Name	Operator	Version
platform/frameworks/base	eq	14
platform/frameworks/base	eq	13
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	12
platform/frameworks/base	eq	11

References

android.googlesource.com/platform/frameworks/base/+/ae768fbb9975fdab267f525831cb52f485ab0ecc

source.android.com/security/bulletin/2023-12-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-281061287