Android Bluetooth Module Remote Code Execution Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Android Bluetooth module, specifically in its Service Discovery Protocol (SDP) handling. It allows arbitrary code execution, potentially leading to remote code execution, with no additional execution privileges and no user interaction required. The issue arises from log statements that reference structures that may already have been freed, creating a window for exploitation.
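The bug class described above, as an added illustration that is not AOSP code: a log statement placed after a call that may release the record it reads, beside the ordering that copies the logged fields first. All names (conn_rec, process_attr_rsp, handle_rsp_flawed, handle_rsp_fixed) are hypothetical, and free() is modelled by a poisoned static pool so the stale read is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection record; NOT the AOSP structure. */
typedef struct { int in_use; unsigned handle; unsigned attr_len; } conn_rec;

static conn_rec pool[4];      /* stand-in for the heap */
static char last_log[64];     /* stand-in for the log sink */

conn_rec *rec_alloc(unsigned handle, unsigned attr_len) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].in_use) {
            pool[i] = (conn_rec){1, handle, attr_len};
            return &pool[i];
        }
    return NULL;
}

/* Models free(): poison the slot so any later read is visibly stale. */
static void rec_release(conn_rec *r) {
    memset(r, 0xDD, sizeof *r);
    r->in_use = 0;
}

/* Hypothetical response handler: the final response tears the record down. */
static void process_attr_rsp(conn_rec *r, int is_final) {
    if (is_final) rec_release(r);
}

/* Flawed ordering: the log dereferences r after the call that may release it. */
const char *handle_rsp_flawed(conn_rec *r, int is_final) {
    process_attr_rsp(r, is_final);
    snprintf(last_log, sizeof last_log, "attr rsp handle=0x%x len=%u",
             r->handle, r->attr_len);
    return last_log;
}

/* Corrected ordering: copy what the log needs while the record is still owned. */
const char *handle_rsp_fixed(conn_rec *r, int is_final) {
    unsigned handle = r->handle, attr_len = r->attr_len;
    process_attr_rsp(r, is_final);
    snprintf(last_log, sizeof last_log, "attr rsp handle=0x%x len=%u",
             handle, attr_len);
    return last_log;
}
```

With a real allocator the flawed read is undefined behaviour rather than a poison value, which is why AddressSanitizer builds are the usual way to catch this ordering in review or fuzzing.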

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Reproduction

The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) with the Fluoride Bluetooth stack. After AOSP is compiled with the necessary dependencies and the build environment is set up, the Bluetooth daemon can be executed. The vulnerability is triggered when the daemon processes service attribute responses, leading to the use-after-free condition.

Remediation

Users can update to the March 2025 security patch level to address this vulnerability.

Added: Aug 26, 2025, 11:37 PM
Updated: Aug 26, 2025, 11:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.9
remediation: 0.0
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.