CVE-2023-40088
Published: 2023-12-04
Priority: P279 · high · 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 1.72% (74.6th percentile)
In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2023-12-01 | 13:2023-12-01 |
| platform | packages_modules_bluetooth | >= 14-next:0 < 14-next:2023-12-01 | 14-next:2023-12-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2023-12-01 | 14:2023-12-01 |
Detection & IOCs (extracted from sources)
- Focus detection on the native function `callback_thread_event` in `com_android_bluetooth_btservice_AdapterService.cpp`, which contains the use-after-free vulnerability enabling remote code execution via the Bluetooth stack.
- No user interaction is required and exploitation is possible from a proximal/adjacent attacker (e.g., Bluetooth range), making this detectable as an unexpected Bluetooth-initiated process crash or memory corruption event on Android devices.
- Affected Android versions are 11, 12, 12L, 13, and 14; prioritize monitoring/patching devices running these AOSP versions for anomalous Bluetooth service behavior.
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 8.8 HIGH
GHSA
GHSA-6hr2-x3v6-jp3r: In callback_thread_event of com_android_bluetooth_btservice_AdapterService
ghsa_unreviewed·2023-12-05
CVE-2023-40088 [HIGH] CWE-416 GHSA-6hr2-x3v6-jp3r: In callback_thread_event of com_android_bluetooth_btservice_AdapterService
OSV
CVE-2023-40088: In callback_thread_event of com_android_bluetooth_btservice_AdapterService
osv·2023-12-01
VulnCheck
Google Android Use After Free
vulncheck·2023·CVSS 8.8
CVE-2023-40088 [HIGH] Google Android Use After Free
Affected: Google Android
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://redsense.com/publications/yearly-intel-trend-review-2023/
Android
CVE-2023-40088: Android Security Bulletin 2023-12-01
vendor_android·2023-12-01·CVSS 8.8
Android Security Bulletin 2023-12-01
CVE: CVE-2023-40088
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13, 14
References: A-291500341
No detection rules found.
No public exploits indexed.
Checkpoint
11th December – Threat Intelligence Report
blogs_checkpoint·2023-12-11
## 11th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th December, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The American Greater Richmond Transit Company (GRTC), which provides services for millions of people, has been the victim of a cyber-attack that impacted certain applications and parts of the GRTC network. The Play ransomware gang claimed responsibility for the attack.
Check Point Harmony Endpoint and Threat Emulation prov
Bleepingcomputer
December Android updates fix critical zero-click RCE flaw
blogs_bleepingcomputer·2023-12-04·CVSS 8.4
CVE-2023-40088 [HIGH] December Android updates fix critical zero-click RCE flaw
## December Android updates fix critical zero-click RCE flaw
By Sergiu Gatlan
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.
Tracked as CVE-2023-40088, the zero-click RCE bug was found in Android's System component and doesn't require additional privileges to be exploited.
While the company has yet to reveal if attackers have targeted this security flaw in the wild, threat actors could exploit it to gain arbitrary code execution without user interaction.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User int
- https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5bfd817719fcf55cbb3476e6b5539a3db4c437fc
- https://source.android.com/security/bulletin/2023-12-01