VDB
CISA-2023-40075
CISA-2023-40075
PUBLISHED
Reported by google_android · Published December 4, 2023
In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 14, 13, 12L | |
| Android | 13, 12L, 14 |
Timeline
- Dec 4, 2023 CVE Published
- Aug 28, 2024 CVE Updated