Android Bluetooth Module Arbitrary Activity Launch Vulnerability Allowing Privilege Escalation

A vulnerability exists in the Android Bluetooth module that allows for the arbitrary launching of activities from the background. This issue arises from a logic error in the code, specifically in the 'setMediaButtonReceiver' function across multiple files. Exploitation of this vulnerability could lead to a local escalation of privilege, with no additional execution privileges required. Notably, user interaction is not necessary for this exploitation to occur.

Impact

Exploitation of this vulnerability could result in unauthorized privileges being granted to a user or application, potentially leading to further exploitation or access to sensitive information.

Reproduction

The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) with the Fluoride Bluetooth stack. Once the Bluetooth module is active, the 'setMediaButtonReceiver' function can be manipulated to launch arbitrary activities from the background, taking advantage of the logic error in the code.

Remediation

Users can update to the April 2025 security patch level to address this vulnerability.