CVE-2024-43083

Published: Nov 13, 2024Modified: Dec 17, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (5)

Products: Google: Android

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 12.0
Google Android	Version 12.1
Google Android	Version 13.0
Google Android	Version 14.0
Google Android	Version 15.0

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://android.googlesource.com/platform/packages/modules/Wifi/+/62f61e19524e9a55cadd1116c9448ff34b977e50

Source: security@android.com

Mailing ListPatch

https://source.android.com/security/bulletin/2024-11-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.