CVE Vulnerabilities

CVE-2022-20476

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Dec 13, 2022 | Modified: Dec 15, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Android Google 10.0 (including) 10.0 (including)
Android Google 11.0 (including) 11.0 (including)
Android Google 12.0 (including) 12.0 (including)
Android Google 12.1 (including) 12.1 (including)
Android-framework-23 Ubuntu bionic *
Android-framework-23 Ubuntu kinetic *
Android-framework-23 Ubuntu lunar *
Android-framework-23 Ubuntu trusty *
Android-framework-23 Ubuntu xenial *

References