GSD-2023-21125 — Vulnetix

GSD-2023-21125 PUBLISHED CVSS 8 HIGH

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Google	Android	12L, 12

Timeline

Feb 7, 2024 CVE Published

References

https://android.googlesource.com/platform/system/bt/+/e7b978841deb331ff5e5849388fa92ee4c40f979 url
https://source.android.com/security/bulletin/2025-03-01 url

Open in Interactive Console →