Android Bluetooth Module Use-After-Free Vulnerability Allowing Remote Code Execution
Vulnerability
A use-after-free vulnerability has been identified in the Android Bluetooth module, specifically within the service discovery protocol (SDP) handling. This vulnerability arises from a logic error that can be exploited to execute arbitrary code remotely, without requiring additional privileges or user interaction. The issue is present in the Bluetooth stack of Android versions 12, 12L, 13, 14, and 15.
Impact
Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected device.
Reproduction
The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) from the 'android-latest-release' branch. Once AOSP is built and running on a device, the Bluetooth stack is active by default. The vulnerability can be triggered by sending a specially crafted Bluetooth request that exploits the use-after-free condition in the SDP discovery process.
Remediation
Users can update their devices to the March 2025 security patch level to address this vulnerability.
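Checking a device or a fleet inventory against the remediation above, as an added example that is not part of the original advisory. It assumes that Android 12, 12L, 13, 14 and 15 report API levels 31 to 35 and that 2025-03-01 is the earliest patch-level string counting as March 2025; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage devices against this advisory from two build properties.
# Assumption: 2025-03-01 is the earliest string counted as the March 2025 level.
FIXED_PATCH="2025-03-01"

# classify_device SDK PATCH -> prints PATCHED, VULNERABLE, NOT_LISTED or UNKNOWN
classify_device() {
    sdk=$1
    patch=$2
    # Reject anything that is not an integer SDK and a YYYY-MM-DD patch level.
    case $sdk in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Assumption: Android 12, 12L, 13, 14, 15 correspond to API levels 31..35.
    if [ "$sdk" -lt 31 ] || [ "$sdk" -gt 35 ]; then
        echo NOT_LISTED; return 0
    fi
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(printf '%s' "$patch" | tr -d '-')
    need=$(printf '%s' "$FIXED_PATCH" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# triage_inventory: reads "serial sdk patch" lines on stdin, one verdict per line.
triage_inventory() {
    while read -r serial sdk patch; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_device "$sdk" "$patch")"
    done
}

# Constructed sample inventory (serials and values are made up).
sample_inventory() {
    cat <<'EOF'
DEV-A 33 2025-02-05
DEV-B 35 2025-03-05
DEV-C 30 2024-11-01
DEV-D 34 unknown
EOF
}

sample_inventory | triage_inventory

# For one attached device, the two inputs come from (requires adb):
#   adb shell getprop ro.build.version.sdk
#   adb shell getprop ro.build.version.security_patch
```

The patch-level string is reported by the build itself, so a result of PATCHED reflects what the vendor declares rather than an independent test of the Bluetooth stack.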
