{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-20476","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","dateUpdated":"2025-04-22T17:49:10.041Z","dateReserved":"2021-10-14T00:00:00.000Z","datePublished":"2022-12-13T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2022-12-13T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919"}],"affected":[{"vendor":"n/a","product":"Android","versions":[{"version":"Android-10 Android-11 Android-12 Android-12L","status":"affected"}]}],"references":[{"url":"https://source.android.com/security/bulletin/2022-12-01"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Denial of service"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:10:44.884Z"},"title":"CVE Program Container","references":[{"url":"https://source.android.com/security/bulletin/2022-12-01","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-835","lang":"en","description":"CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-22T17:49:03.347115Z","id":"CVE-2022-20476","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-22T17:49:10.041Z"}}]}}