ASB-A-242996380 — Vulnetix

ASB-A-242996380 PUBLISHED

In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/modules/Bluetooth	14, 14, *
platform	packages/apps/Bluetooth	12, 12L:0, 12:0

Timeline

Nov 1, 2024 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2024-11-01 advisory
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0e4375577ba7e21bd40edac5990bea418ecdc8c patch

Open in Interactive Console →