In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Yocto | Linuxfoundation | 3.3 (including) | 3.3 (including) |
| Yocto | Linuxfoundation | 4.0 (including) | 4.0 (including) |
| Yocto | Linuxfoundation | 5.0 (including) | 5.0 (including) |
| Software_development_kit | Mediatek | * | 2.4 (including) |
| Android | 13.0 (including) | 13.0 (including) | |
| Android | 14.0 (including) | 14.0 (including) | |
| Android | 15.0 (including) | 15.0 (including) | |
| Openwrt | Openwrt | 23.05 (including) | 23.05 (including) |
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.