CVE-2024-0027Allocation of Resources Without Limits or Throttling in Frameworks Base

CWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedMay 7

Description

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Androidplatform/frameworks_base14-next:014-next:2024-04-01+4
CVEListV5google/android4 versions+3
NVDgoogle/android4 versions+3

Patches

Patch: android.googlesource.comPatch: source.android.comPatch: android.googlesource.com

🔴Vulnerability Details

2
GHSA
GHSA-x93h-5q4r-cgp7: In multiple functions of SnoozeHelper2024-05-07
OSV
CVE-2024-0027: In multiple functions of SnoozeHelper2024-04-01

📋Vendor Advisories

1
Android
CVE-2024-0027: Android Security Bulletin 2024-04-01 CVE: CVE-2024-0027 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14 References: A-3079484242024-04-01