Android Bluetooth Module Use-After-Free Vulnerability Leading to Privilege Escalation
Vulnerability
A use-after-free vulnerability has been identified in the Android Bluetooth module, specifically within the Fluoride Bluetooth stack. This vulnerability allows for the execution of arbitrary code, potentially leading to a local escalation of privileges. Notably, no additional execution privileges are required for exploitation, and user interaction is not needed.
Impact
Exploitation of this vulnerability could result in unauthorized access to elevated privileges, allowing a user to perform actions or access resources that are normally restricted.
Reproduction
The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) with the Fluoride Bluetooth stack. This can be done on a Debian-based distribution using Clang-11 or Clang-12, after installing the necessary build dependencies. Once AOSP is built, the Bluetooth module can be tested with a researcher-provided proof of concept that exploits the vulnerability.
Remediation
Users can update to the March 2025 security patch level, which addresses this vulnerability. Instructions for checking and updating the Android version are available on the Google Support website.
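A quick way for an administrator to verify that a device has actually reached the March 2025 patch level is to read its reported patch date over adb. The helper below is an added example, not part of this advisory; it assumes `adb` is installed and that the device exposes the standard `ro.build.version.security_patch` property (a vendor-reported `YYYY-MM-DD` string).

```shell
# Minimum security patch level that carries the fix described in this advisory.
REQUIRED_PATCH="2025-03-01"

# patch_level_ok LEVEL
#   Returns 0 if LEVEL (a YYYY-MM-DD patch date) is at or after REQUIRED_PATCH,
#   1 if it is older, and 2 if the value is missing or malformed.
patch_level_ok() {
  # Strip CR/LF and whitespace that `adb shell getprop` may append.
  level=$(printf '%s' "$1" | tr -d '\r\n\t ')
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 2 ;;
  esac
  # ISO dates compare correctly as integers once the dashes are removed.
  have=$(printf '%s' "$level" | tr -d '-')
  need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
  [ "$have" -ge "$need" ]
}

# check_device: query the connected device and report (requires adb).
check_device() {
  level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null)
  if patch_level_ok "$level"; then
    echo "OK: patch level $level >= $REQUIRED_PATCH"
  else
    rc=$?
    [ "$rc" -eq 2 ] && echo "UNKNOWN: could not read patch level" || \
      echo "VULNERABLE: patch level '$level' is older than $REQUIRED_PATCH"
    return "$rc"
  fi
}
```

Run `check_device` with a device attached; a `VULNERABLE` result means the device should be updated as described above.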