CVE-2023-35681
published 2023-09-11CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.54%
41.2th percentile
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_modules_bluetooth | >= 13-next:0 < 13-next:2023-09-01 | 13-next:2023-09-01 |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2023-09-01 | 13:2023-09-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is in the function `eatt_l2cap_reconfig_completed` within `eatt_impl.h` — monitor for crashes or anomalous Bluetooth EATT (Enhanced Attribute Protocol) L2CAP reconfiguration traffic targeting this code path ↗
- →Target is Android 13 devices; focus detection on Bluetooth stack (EATT/L2CAP reconfig) traffic from untrusted/unauthenticated remote peers — no user interaction required, no elevated privileges needed ↗
- →Reference Android internal bug tracker ID A-271335899 when triaging patch status on affected AOSP 13 builds ↗
- ·Only AOSP Android 13 is listed as affected in the September 2023 Android Security Bulletin; other versions are not confirmed affected ↗
- ·This is a CRITICAL-severity RCE reachable remotely over Bluetooth with no privileges and no user interaction, making it a zero-click attack surface ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-49c5-gw3c-qmq4: In eatt_l2cap_reconfig_completed of eatt_impl
ghsa_unreviewed·2023-09-11
CVE-2023-35681 [CRITICAL] CWE-190 GHSA-49c5-gw3c-qmq4: In eatt_l2cap_reconfig_completed of eatt_impl
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl
osv·2023-09-01
CVE-2023-35681 CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2023-35681: Android Security Bulletin 2023-09-01
CVE: CVE-2023-35681
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 13
References: A-271335899
vendor_android·2023-09-01·CVSS 9.8
CVE-2023-35681 [CRITICAL] CVE-2023-35681: Android Security Bulletin 2023-09-01
CVE: CVE-2023-35681
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 13
References: A-271335899
Android Security Bulletin 2023-09-01
CVE: CVE-2023-35681
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 13
References: A-271335899
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730https://source.android.com/security/bulletin/2023-09-01https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730https://source.android.com/security/bulletin/2023-09-01
2023-09-11
Published