ASB-A-231161832 — Vulnetix

ASB-A-231161832 PUBLISHED

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	system/bt	10:0, 10, 11:0

Timeline

Aug 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-08-01 advisory
https://android.googlesource.com/platform/system/bt/+/6ad3f69b2199d953647e1053e8de2a8c26f1b8d6 patch
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fe358db0055e04ce779760a4af7127b62ef1f4fa patch

Open in Interactive Console →