Android Bluetooth Module Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Android Bluetooth module, specifically within the 'SendPacketToPeer' function of 'acl_arbiter.cc'. The issue is a use-after-free condition that can lead to an out-of-bounds read. Exploitation does not require any additional execution privileges or user interaction, but the attacker must be in a proximal or adjacent position relative to the target device.

Impact

Exploitation of this vulnerability allows for remote code execution within the Bluetooth module, potentially leading to unauthorized actions or access on the affected device.

Reproduction

The vulnerability can be reproduced by building the Android Open Source Project (AOSP) from the 'android-latest-release' branch. After building AOSP, the Bluetooth module can be tested with a proof-of-concept that exploits the use-after-free vulnerability, allowing for remote code execution.

Remediation

Users can update their devices to the September 2025 security patch level, which addresses this vulnerability.
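To verify the remediation across devices, the following added example (not part of the original advisory) classifies each device's reported security patch level against a required level. It assumes the threshold string `2025-09-01`, which should be confirmed against the vendor bulletin; the function names and the sample inventory are constructed for illustration, and `ro.build.version.security_patch` is the standard Android property holding the patch level.

```shell
#!/bin/sh
# Added example: flag Android devices that are below a required security patch level.
# ASSUMPTION: 2025-09-01 is the threshold; confirm the exact level in the bulletin.
REQUIRED_SPL="${REQUIRED_SPL:-2025-09-01}"

# is_spl VALUE: succeed only for a well-formed YYYY-MM-DD string.
is_spl() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_spl DEVICE_SPL [REQUIRED]: print PATCHED, VULNERABLE or UNKNOWN.
# Missing or malformed values are UNKNOWN so they are never silently passed.
classify_spl() {
    spl=$(printf '%s' "$1" | tr -d '\r ')   # adb output may carry a trailing CR
    req="${2:-$REQUIRED_SPL}"
    if ! is_spl "$spl" || ! is_spl "$req"; then
        echo UNKNOWN
        return 0
    fi
    # ISO dates order correctly as integers once the dashes are removed.
    if [ "$(printf '%s' "$spl" | tr -d '-')" -ge "$(printf '%s' "$req" | tr -d '-')" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# audit_inventory: read "serial patch_level" lines on stdin, print "serial status".
audit_inventory() {
    while read -r serial spl; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_spl "$spl")"
    done
}

# check_connected: build the inventory from devices attached over adb.
check_connected() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r s; do
        printf '%s %s\n' "$s" "$(adb -s "$s" shell getprop ro.build.version.security_patch </dev/null)"
    done | audit_inventory
}

# Constructed sample inventory (not real devices); the third entry has no patch level.
audit_inventory <<'EOF'
EMU-0001 2025-08-05
EMU-0002 2025-09-05
EMU-0003
EOF
```

Run `check_connected` on a workstation with adb-attached devices; devices reported as UNKNOWN need manual review rather than being treated as patched.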

Added: Sep 4, 2025, 7:25 PM
Updated: Sep 4, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.9
remediation: 0.0
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.