cbcvebase.
CVE-2023-40088
published 2023-12-04

CVE-2023-40088: In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead…

PriorityP279high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.72%
74.6th percentile
In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

14 ranges
VendorProductVersion rangeFixed in
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
platformpackages_modules_bluetooth>= 13:0 < 13:2023-12-0113:2023-12-01
platformpackages_modules_bluetooth>= 14-next:0 < 14-next:2023-12-0114-next:2023-12-01
platformpackages_modules_bluetooth>= 14:0 < 14:2023-12-0114:2023-12-01

Detection & IOCsextracted from sources · hover to see the quote

  • Focus detection on the native function `callback_thread_event` in `com_android_bluetooth_btservice_AdapterService.cpp`, which contains the use-after-free vulnerability enabling remote code execution via the Bluetooth stack.
  • No user interaction is required and exploitation is possible from a proximal/adjacent attacker (e.g., Bluetooth range), making this detectable as an unexpected Bluetooth-initiated process crash or memory corruption event on Android devices.
  • Affected Android versions are 11, 12, 12L, 13, and 14 — prioritize monitoring/patching devices running these AOSP versions for anomalous Bluetooth service behavior.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.