ASB-A-169327567 — Vulnetix

ASB-A-169327567 PUBLISHED

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	system/bt	8.0, 8.1, 9:0

Timeline

Jan 1, 2021 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2021-01-01 advisory
https://android.googlesource.com/platform/system/bt/+/ca6b0a211eb39ba85eed60ea740c85d1122fc6bc patch

Open in Interactive Console →