Vulnerability Details : CVE-2023-20910
In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Vulnerability category: Denial of service
Published
2023-03-24 20:15:09
Updated
2023-07-13 00:15:23
Exploit prediction scoring system (EPSS) score for CVE-2023-20910
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2023-20910
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
[email protected] |
CWE ids for CVE-2023-20910
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: [email protected] (Primary)
References for CVE-2023-20910
-
https://source.android.com/security/bulletin/2023-03-01
Patch;Vendor Advisory
- https://source.android.com/security/bulletin/2023-07-01
-
https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9
-
https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6
Products affected by CVE-2023-20910
- cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*