Android Bluetooth Stack Use-After-Free Vulnerability in SDP Server Component Allowing Remote Code Execution
Vulnerability
A use-after-free vulnerability has been identified in the SDP server component of the Android Bluetooth stack. It stems from a logic error in the code and could be exploited to execute arbitrary code remotely, with no additional execution privileges and no user interaction required. The issue affects multiple versions of the Android Bluetooth module.
Impact
Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected device.
Reproduction
The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) with the Fluoride Bluetooth stack. This can be done on a Debian-based distribution, or on Ubuntu 20.10 or newer. After setting up the build environment and compiling the Bluetooth module, the 'btadapterd' service can be run; it automatically attempts to connect to nearby Bluetooth devices. The vulnerability is triggered by the Bluetooth stack's handling of certain SDP-related operations, during which already-freed memory is accessed again, which can lead to arbitrary code execution.
Remediation
Users can update to the March 2025 security patch level, which addresses this vulnerability.
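As an added example (not part of the original advisory), the following POSIX shell script checks whether a connected device reports a security patch level at or after 2025-03-01, the level named above as containing the fix. It assumes the adb tool is installed, the device is authorized for USB debugging, and the standard ro.build.version.security_patch system property is present.

```shell
#!/bin/sh
# Added example: verify that an Android device's security patch level is at or
# after the March 2025 level that addresses this vulnerability.
# Assumes adb is installed and the device is authorized for debugging.
FIXED_PATCH_LEVEL="2025-03-01"

# patch_level_is_fixed LEVEL
# Returns 0 when LEVEL (YYYY-MM-DD, as reported by the device) is on or after
# the fixed patch level, 1 when it is older, 2 when the value is malformed.
# Dropping the dashes turns the ISO date into an integer, so a numeric
# comparison is portable and correct.
patch_level_is_fixed() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;   # empty or malformed value: treat as unknown
    esac
    level_num=$(printf '%s' "$level" | tr -d '-')
    fixed_num=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    [ "$level_num" -ge "$fixed_num" ]
}

# device_patch_level [SERIAL]
# Reads ro.build.version.security_patch from a connected device over adb.
device_patch_level() {
    if [ -n "$1" ]; then
        adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r\n'
    else
        adb shell getprop ro.build.version.security_patch | tr -d '\r\n'
    fi
}

# Query a device only when invoked with --check [SERIAL]; otherwise the file
# just defines the functions so they can be sourced by other scripts.
if [ "$1" = "--check" ]; then
    level=$(device_patch_level "$2")
    if patch_level_is_fixed "$level"; then
        echo "patched: device reports $level (>= $FIXED_PATCH_LEVEL)"
    else
        echo "NOT patched: device reports '${level:-unknown}' (< $FIXED_PATCH_LEVEL)"
        exit 1
    fi
fi
```

Run it as `sh check_patch.sh --check` (optionally with a device serial) to audit a single device; a fleet check is a loop over `adb devices` output calling the same function.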
