PUB-A-251436534 — Vulnetix

PUB-A-251436534 PUBLISHED CVSS 7 HIGH

In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Risk Scores

CVSS v4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	packages/modules/Bluetooth	13-next, 13:0, 13

Timeline

Jun 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-06-01 advisory

Open in Interactive Console →