CVE-2022-20476

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-12L

Description The issue is related to the setEnabledSetting function in PackageManager.java, which can cause the device to enter an infinite reboot loop due to resource exhaustion. This can lead to a local denial of service without requiring any additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-10 through Android-12L, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ASB-A-240936919

CVE-2022-20476

Affected Products

Android

CVE-2022-20476

Weakness Enumeration

Related Identifiers

Affected Products

References · 9