In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
A logical error in the endCallForSubscriber method code causes improper termination of subscriber calls. Exploiting the vulnerability does not require any additional execution privileges or user interaction. As a result of the error, it is possible to bring the device into a state where it loses the ability to make calls to emergency numbers.
An attacker can locally block access to emergency services on the victim's device, which in life-threatening situations may prevent calling for help. This is a local denial of service (local DoS) affecting critical system functionality.
Apply patches available from the manufacturer according to references — Google Pixel security bulletin dated 2018-05-01 (https://source.android.com/security/bulletin/pixel/2018-05-01)
Google Android — versions indicated in manufacturer references (Pixel security bulletin from May 2018)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGoogle Android
OSGoogle6.06.0.17.07.1.17.1.28.08.1
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...