VDB

CISA-2023-40075

CISA-2023-40075 PUBLISHED

Reported by google_android · Published December 4, 2023

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

VendorProductVersions
GoogleAndroid14, 13, 12L
GoogleAndroid13, 12L, 14

Timeline

  • Dec 4, 2023 CVE Published
  • Aug 28, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›