PT-2024-30283 · Google · Android
Published
2024-11-01
·
Updated
2024-12-17
·
CVE-2024-43083
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Google Android versions 12 through 15
Description
The issue is related to a possible persistent denial of service due to resource exhaustion in the
validate() function of WifiConfigurationUtil.java. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not required for exploitation.Recommendations
For Google Android versions 12 through 15, apply the security patch immediately to mitigate the risk. As a temporary workaround, consider restricting the use of the
validate() function in WifiConfigurationUtil.java until a patch is available.Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android