CVE-2023-35681
published 2023-09-11

Priority: P259, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.54% (41.2th percentile)

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android | | |
| google | android | | |
| google | android | | |
| platform | packages_modules_bluetooth | >= 13-next:0 < 13-next:2023-09-01 | 13-next:2023-09-01 |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2023-09-01 | 13:2023-09-01 |

Detection & IOCs (extracted from sources)

  • Vulnerability is in the function `eatt_l2cap_reconfig_completed` within `eatt_impl.h` — monitor for crashes or anomalous Bluetooth EATT (Enhanced Attribute Protocol) L2CAP reconfiguration traffic targeting this code path
  • Target is Android 13 devices; focus detection on Bluetooth stack (EATT/L2CAP reconfig) traffic from untrusted/unauthenticated remote peers — no user interaction required, no elevated privileges needed
  • Reference Android internal bug tracker ID A-271335899 when triaging patch status on affected AOSP 13 builds
  • Only AOSP Android 13 is listed as affected in the September 2023 Android Security Bulletin; other versions are not confirmed affected
  • This is a CRITICAL-severity RCE reachable remotely over Bluetooth with no privileges and no user interaction, making it a zero-click attack surface