Android Bluetooth Module Use-After-Free Vulnerability Leading to Remote Code Execution
Vulnerability
A use-after-free vulnerability has been identified in the Android Bluetooth module, in the code that handles the Service Discovery Protocol (SDP). The flaw stems from incorrect memory lifetime management: certain data structures can be freed and then accessed again through a stale reference. An attacker can turn this into arbitrary code execution, and because neither additional execution privileges nor user interaction is required, the outcome is remote code execution.
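The page describes the bug class but not the specific code path, so the following is an added illustration written for this page, not Fluoride's SDP code: a constructed model of a fixed pool of SDP discovery control blocks (every name in it is hypothetical) in which a completion callback releases a block while the caller still holds a raw pointer to it. The pool is static rather than heap-allocated so the stale read is deterministic and testable; on a real heap the same pattern is a use-after-free that an attacker who controls the reallocation can steer. The hardened variant holds a (slot, generation) handle instead of a pointer and re-validates it after any call that may release the block.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a fixed pool of SDP discovery control blocks.
 * Illustration code written for this page, not Fluoride's code; all names
 * are hypothetical. */
#define SDP_MAX_CB 4

typedef struct {
    bool     in_use;      /* block currently owned by an active discovery */
    uint32_t gen;         /* bumped on every release; stale handles carry an old value */
    uint16_t num_records; /* service records found so far */
} sdp_cb_t;

static sdp_cb_t sdp_pool[SDP_MAX_CB];

/* Callers hold a (slot, generation) handle rather than a raw pointer. */
typedef struct {
    int      idx;
    uint32_t gen;
} sdp_handle_t;

void sdp_reset_pool(void) {
    for (int i = 0; i < SDP_MAX_CB; i++) {
        sdp_pool[i].in_use = false;
        sdp_pool[i].gen = 0;
        sdp_pool[i].num_records = 0;
    }
}

bool sdp_handle_valid(sdp_handle_t h) {
    return h.idx >= 0 && h.idx < SDP_MAX_CB &&
           sdp_pool[h.idx].in_use && sdp_pool[h.idx].gen == h.gen;
}

sdp_handle_t sdp_alloc(uint16_t num_records) {
    for (int i = 0; i < SDP_MAX_CB; i++) {
        if (!sdp_pool[i].in_use) {
            sdp_pool[i].in_use = true;
            sdp_pool[i].num_records = num_records;
            return (sdp_handle_t){ .idx = i, .gen = sdp_pool[i].gen };
        }
    }
    return (sdp_handle_t){ .idx = -1, .gen = 0 };
}

void sdp_free(sdp_handle_t h) {
    if (!sdp_handle_valid(h)) return;
    sdp_pool[h.idx].in_use = false;
    sdp_pool[h.idx].num_records = 0;
    sdp_pool[h.idx].gen++;   /* invalidates every outstanding handle to this slot */
}

typedef void (*sdp_cmpl_cb)(sdp_handle_t h);

/* Bug pattern: a raw pointer is cached, the completion callback runs (and may
 * release the block), and the stale pointer is dereferenced afterwards. */
int sdp_process_vulnerable(sdp_handle_t h, sdp_cmpl_cb cb_fn) {
    if (!sdp_handle_valid(h)) return -1;
    sdp_cb_t *cb = &sdp_pool[h.idx];
    cb_fn(h);
    return cb->num_records;   /* use after free: reads whatever now occupies the slot */
}

/* Hardened pattern: re-validate the handle after any call that may release it. */
int sdp_process_hardened(sdp_handle_t h, sdp_cmpl_cb cb_fn) {
    if (!sdp_handle_valid(h)) return -1;
    cb_fn(h);
    if (!sdp_handle_valid(h)) return -2;   /* released during callback: refuse to touch it */
    return sdp_pool[h.idx].num_records;
}

/* Callbacks standing in for application code. The second releases the block
 * and immediately starts a new discovery, so the same slot is reused. */
static void benign_callback(sdp_handle_t h) { (void)h; }
static void free_and_reuse_callback(sdp_handle_t h) {
    sdp_free(h);
    (void)sdp_alloc(7);
}

/* Each demo starts from a clean pool with one discovery holding 3 records. */
int demo_benign(void) {
    sdp_reset_pool();
    return sdp_process_hardened(sdp_alloc(3), benign_callback);            /* 3 */
}
int demo_vulnerable(void) {
    sdp_reset_pool();
    return sdp_process_vulnerable(sdp_alloc(3), free_and_reuse_callback);  /* 7: the new discovery's data */
}
int demo_hardened(void) {
    sdp_reset_pool();
    return sdp_process_hardened(sdp_alloc(3), free_and_reuse_callback);    /* -2: stale handle rejected */
}

int main(void) {
    printf("benign:     %d\n", demo_benign());
    printf("vulnerable: %d (another discovery's block was read)\n", demo_vulnerable());
    printf("hardened:   %d (stale handle rejected)\n", demo_hardened());
    return 0;
}
```

The generation counter is what makes the check meaningful: an in_use flag alone would pass once the slot is reused by a new discovery, which is exactly the reallocation an attacker aims for.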
Impact
Successful exploitation gives an attacker remote code execution on the affected device, with no user interaction required.
Reproduction
The vulnerability can be reproduced against a build of the Android Open Source Project (AOSP) that uses the Fluoride Bluetooth stack: set up the build environment, compile AOSP with the required dependencies, and start the Bluetooth service. The use-after-free is triggered when the service processes SDP messages crafted to hit the faulty free-then-access sequence, which can lead to arbitrary code execution.
Remediation
The fix is included in the March 2025 Android security patch level; users should update to that level or later. The patch level installed on a device is shown in Settings and can be read with adb shell getprop ro.build.version.security_patch.
