Primary

Context

Airoha Bluetooth Audio SDK RACE Protocol Unauthorized Access Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in the Airoha Bluetooth audio SDK allows unauthorized access to the RACE protocol, potentially leading to remote privilege escalation without requiring additional execution privileges. Exploitation does not need user interaction. This issue affects several chipsets, including the AB156x, AB157x, AB158x, AB159x series, and AB1627, as well as specific software versions of the Airoha IoT SDK for Bluetooth audio, and the Airoha AB1561x/AB1562x/AB1563x SDK.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical capabilities of the RACE protocol, allowing for remote escalation of privileges on the affected device.

Added: Aug 4, 2025, 7:17 AM

Updated: Aug 4, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Airoha Bluetooth Audio SDK RACE Protocol Unauthorized Access Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

Airoha Bluetooth audio SDK

Airoha IoT SDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating