OpenCVE

In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:12.1:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

No data.

References

Link	Providers
https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6
https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9
https://source.android.com/security/bulletin/2023-07-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2023-03-24T00:00:00

Updated: 2024-08-02T09:21:33.528Z

Reserved: 2022-11-03T00:00:00

Link: CVE-2023-20910

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-24T20:15:09.113

Modified: 2024-11-21T07:41:48.143

Link: CVE-2023-20910

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20910", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "dateUpdated": "2024-08-02T09:21:33.528Z", "dateReserved": "2022-11-03T00:00:00", "datePublished": "2023-03-24T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [{"status": "affected", "version": "13"}, {"status": "affected", "version": "12L"}, {"status": "affected", "version": "12"}, {"status": "affected", "version": "11"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.</p>"}], "value": "In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en"}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2023-07-12T23:17:21.274Z"}, "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9"}, {"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6"}, {"url": "https://source.android.com/security/bulletin/2023-07-01"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:21:33.528Z"}, "title": "CVE Program Container", "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9", "tags": ["x_transferred"]}, {"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6", "tags": ["x_transferred"]}, {"url": "https://source.android.com/security/bulletin/2023-07-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"}], "id": "CVE-2023-20910", "lastModified": "2024-11-21T07:41:48.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-24T20:15:09.113", "references": [{"source": "security@android.com", "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6"}, {"source": "security@android.com", "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9"}, {"source": "security@android.com", "url": "https://source.android.com/security/bulletin/2023-07-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://source.android.com/security/bulletin/2023-07-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}