CVE-2017-13322Operator Precedence Logic Error in Google Android

CWE-783Operator Precedence Logic Error3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.1%
top 72.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedJan 17
Latest updateJan 18

Description

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

CVEListV5google/androidAndroid Kernel
NVDgoogle/android7 versions+6

Patches

Patch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-jq8v-x7gq-gghc: In endCallForSubscriber of PhoneInterfaceManager2025-01-18
CVEList
CVE-2017-13322: In endCallForSubscriber of PhoneInterfaceManager2025-01-17
CVE-2017-13322 — Operator Precedence Logic Error | cvebase