Android Bluetooth Module Cross-User Data Leak Vulnerability

Vulnerability

A logic error in the Bluetooth file transfer module can cause a cross-user data leak, allowing local information disclosure without requiring additional execution privileges or user interaction. This vulnerability affects the Android Bluetooth module, specifically in the 'isContentUriForOtherUser' function of 'BluetoothOppSendFileInfo.java'.
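The page does not show the faulty logic itself. As an added illustration (not AOSP code and not the patch), the following sketches a fail-closed cross-user check of the kind a function such as 'isContentUriForOtherUser' is meant to perform. It assumes Android's convention of carrying a user ID in the userinfo part of a content URI (content://10@authority/...); the class name, method name and sample URIs are hypothetical and constructed for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class CrossUserUriCheck {

    /**
     * Hypothetical helper: true only when uriString is a content URI that
     * resolves inside the profile of currentUserId. Fails closed otherwise.
     */
    static boolean isSafeForCurrentUser(String uriString, int currentUserId) {
        URI uri;
        try {
            uri = new URI(uriString);
        } catch (URISyntaxException e) {
            return false; // unparseable input is never forwarded
        }
        if (!"content".equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        // Use the raw authority so percent-encoded user parts are not silently decoded.
        String authority = uri.getRawAuthority();
        if (authority == null || authority.isEmpty()) {
            return false;
        }
        int at = authority.lastIndexOf('@');
        if (at < 0) {
            return true; // no user prefix: resolved in the caller's own profile
        }
        String userPart = authority.substring(0, at);
        // Accept only a plain decimal ID; "+10", "%31%30" or "" are rejected.
        if (!userPart.matches("[0-9]{1,9}")) {
            return false;
        }
        return Integer.parseInt(userPart) == currentUserId;
    }

    public static void main(String[] args) {
        int me = 0; // constructed: caller runs as user 0
        String[] samples = { // constructed sample URIs
            "content://media/external/images/media/1",
            "content://0@media/external/images/media/1",
            "content://10@media/external/images/media/1",
            "content://%31%30@media/external/images/media/1",
            "content://10@my_provider/files/1",
        };
        for (String s : samples) {
            System.out.println(isSafeForCurrentUser(s, me) + "  " + s);
        }
    }
}
```

The user part is taken from the raw authority rather than from `getUserInfo()` because `java.net.URI` returns no userinfo for authorities it cannot parse as a server (for example, ones containing an underscore), which would otherwise let a prefixed URI pass as unprefixed.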

Impact

Exploitation of this vulnerability could lead to unauthorized access to user data from another profile.

Reproduction

The vulnerability can be reproduced by building and running the Android Open Source Project (AOSP) with the 'android-latest-release' branch. Once the Bluetooth module is active, the 'BluetoothOppSendFileInfo' class can be tested using the 'BluetoothOppSendFileInfoTest' unit test, which will trigger the cross-user data leak by accessing content URIs intended for other users.

Remediation

Users can update their devices to the June 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 6:46 PM
Updated: Sep 4, 2025, 6:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.