PT-2022-10944 · Google · Android
Published
2022-01-01
·
Updated
2022-01-20
·
CVE-2021-39659
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-10 through Android-12
Description
The issue is related to an unhandled exception in the
sortSimPhoneAccountsForEmergency function of CreateConnectionProcessor.java, which could prevent access to emergency calling. This might lead to a local denial of service, requiring User execution privileges for exploitation. No user interaction is needed for exploitation.Recommendations
For Android versions Android-10 through Android-12, consider implementing exception handling in the
sortSimPhoneAccountsForEmergency function of CreateConnectionProcessor.java to prevent denial of service. As a temporary workaround, ensure that the CreateConnectionProcessor.java module is properly configured to handle exceptions and minimize the risk of exploitation.Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android