CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-23712

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.8%

CVSS Severity

CVSS v3 Score 5.5

References

https://android.googlesource.com/platform/frameworks/base/+/6beb68ca17d1220f3f09a53cf0a0c541db4ead62
https://source.android.com/security/bulletin/2024-04-01
https://android.googlesource.com/platform/frameworks/base/+/6beb68ca17d1220f3f09a53cf0a0c541db4ead62
https://source.android.com/security/bulletin/2024-04-01

Products affected by CVE-2024-23712

Google » Android » Version: 12.0

cpe:2.3:o:google:android:12.0
Google » Android » Version: 12.1

cpe:2.3:o:google:android:12.1
Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0
Google » Android » Version: 14.0

cpe:2.3:o:google:android:14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23712

Products

Pricing

Contact Us