Android Bluetooth Module Elevation of Privilege Vulnerability
Vulnerability
A vulnerability allowing elevation of privilege has been identified in the Android Bluetooth module, specifically within the AVDT message handling component. This issue arises from a type confusion that can lead to memory corruption, allowing a paired device to escalate privileges without requiring additional execution rights or user interaction. The vulnerability is present in several Android versions, including 13, 14, and 15.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected device.
Reproduction
The vulnerability can be reproduced by sending an AVDT message with an incorrect type, which causes a type confusion and potential out-of-bounds access. This can be done by a malicious user paired with the target device.
Remediation
Users can update their devices to the April 2025 security patch level, which addresses this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.