CVE-2021-39659Improper Handling of Exceptional Conditions in Google Android

CWE-755Improper Handling of Exceptional Conditions5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Packages Services TelecommGoogle Android
Timeline
PublishedJan 14
Latest updateJan 15

Description

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-10 Android-11 Android-12
NVDgoogle/android10.0, 11.0, 12.0+2
Androidplatform/packages_services_telecomm10:010:2022-01-01+2

🔴Vulnerability Details

3
GHSA
GHSA-38mp-p2g2-47gf: In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor2022-01-15
CVEList
CVE-2021-39659: In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor2022-01-14
OSV
CVE-2021-39659: In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor2022-01-01

📋Vendor Advisories

1
Android
CVE-2021-39659: Android Security Bulletin 2022-01-01 CVE: CVE-2021-39659 Severity: HIGH Type: DoS Affected AOSP versions: 10, 11, 12 References: A-2082676592022-01-01
CVE-2021-39659 — Google Android vulnerability | cvebase