CVE-2023-21240

MEDIUM

Android - Local Denial of Service via Resource Exhaustion in Policy.java

Title source: llm

Description

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

Core 2

Core References

Patch

https://android.googlesource.com/platform/packages/modules/Wifi/+/69119d1d3102e27b6473c785125696881bce9563

Patch, Vendor Advisory

https://source.android.com/security/bulletin/2023-07-01

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 0.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (4)

google/android 11.0

google/android 12.0

google/android 12.1

google/android 13.0

Published Jul 13, 2023

Tracked Since Feb 18, 2026