CVE-2023-21240Uncontrolled Resource Consumption in Frameworks Base

CWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Frameworks BasePlatform Packages Modules WifiGoogle Android
Timeline
PublishedJul 13

Description

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Androidplatform/frameworks_base11:011:2023-07-01
Androidplatform/packages_modules_wifi13-next:013-next:2023-07-01+3
CVEListV5google/android4 versions+3
NVDgoogle/android4 versions+3

Patches

Patch: android.googlesource.comPatch: source.android.comPatch: android.googlesource.com

🔴Vulnerability Details

3
GHSA
GHSA-672c-38pw-m2m5: In Policy of Policy2023-07-13
CVEList
CVE-2023-21240: In Policy of Policy2023-07-12
OSV
CVE-2023-21240: In Policy of Policy2023-07-01

📋Vendor Advisories

1
Android
CVE-2023-21240: Android Security Bulletin 2023-07-01 CVE: CVE-2023-21240 Severity: HIGH Type: DoS Affected AOSP versions: 11, 12, 12L, 13 References: A-2753404172023-07-01
CVE-2023-21240 — Uncontrolled Resource Consumption | cvebase