ASB-A-244423101 — Vulnetix

ASB-A-244423101 PUBLISHED

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	11:0, 11, 12:0

Timeline

Feb 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-02-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/9d2b2ca5d86be94e94f70c124a80b4db9d7a3fd0 patch

Open in Interactive Console →