CVE-2024-20003 — Improper Input Validation in Google Android

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedFeb 5

Latest updateMar 1

Description

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2024-20003: there is a possible DoS due to a logic error in the code↗2025-03-01

▶

GHSA

GHSA-8gwc-m58g-hm5v: In Modem NL1, there is a possible system crash due to an improper input validation↗2024-02-05

▶

📋Vendor Advisories

Android

CVE-2024-20003: 5G Modem↗2024-02-01

▶