CVE-2023-20910

MEDIUM

Android - Denial of Service via WifiNetworkSuggestionsManager Resource Exhaustion

Title source: llm

Description

In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

References (3)

Core 3

Core References

Patch

https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6

Patch

https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9

Vendor Advisory

https://source.android.com/security/bulletin/2023-07-01

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (4)

google/android 11.0

google/android 12.0

google/android 12.1

google/android 13.0

Published Mar 24, 2023

Tracked Since Feb 18, 2026