CVE-2022-20482Uncontrolled Resource Consumption in Google Android

CWE-400Uncontrolled Resource Consumption6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedDec 13
Latest updateApr 16

Description

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5google/androidAndroid-12 Android-12L Android-13
NVDgoogle/android12.0, 12.1, 13.0+2
Androidplatform/frameworks_base12:012:2022-12-01+2

🔴Vulnerability Details

4
VulDB
Google Android 12.0/13.0 NotificationManager.java createNotificationChannel resource consumption (A-240422263 / EUVD-2022-25742)2026-04-16
GHSA
GHSA-258x-2wfm-xjrc: In createNotificationChannel of NotificationManager2022-12-13
OSV
CVE-2022-20482: In createNotificationChannel of NotificationManager2022-12-13
OSV
CVE-2022-20482: In createNotificationChannel of NotificationManager2022-12-01

📋Vendor Advisories

1
Android
CVE-2022-20482: Android Security Bulletin 2022-12-01 CVE: CVE-2022-20482 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13 References: A-2404222632022-12-01