PT-2022-10956 · Google · Android
Published
2022-05-01
·
Updated
2023-08-08
·
CVE-2021-39670
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-12 through Android-12L
Description
In the
setStream method of WallpaperManager.java, there is a possible way to cause a permanent denial of service due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Recommendations
For Android versions Android-12 through Android-12L, consider disabling the
setStream method of WallpaperManager.java until a patch is available to prevent potential denial of service attacks.Exploit
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android