ASB-A-264880895 — Vulnetix

ASB-A-264880895 PUBLISHED CVSS 7 HIGH

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	packages/providers/TelephonyProvider	13-next:0, 13-next, 11:0

Timeline

Aug 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-08-01 advisory
https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9 patch

Open in Interactive Console →