CVE-2024-0031
published 2024-02-16CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.61%
44.8th percentile
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2024-02-01 | 13:2024-02-01 |
| platform | packages_modules_bluetooth | >= 14-next:0 < 14-next:2024-02-01 | 14-next:2024-02-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2024-02-01 | 14:2024-02-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is in the function `attp_build_read_by_type_value_cmd` within `att_protocol.cc` — monitor for crashes or anomalous Bluetooth ATT (Attribute Protocol) traffic targeting this code path, which handles Read By Type Value commands ↗
- →No user interaction is required and no additional privileges are needed — this is a zero-click remote attack vector over Bluetooth, making any device running AOSP 11, 12, 12L, 13, or 14 a candidate target without any user action ↗
- →Focus detection on Android devices running AOSP versions 11, 12, 12L, 13, and 14 that have not applied the 2024-02-01 Android Security Bulletin patch; audit patch level on managed devices ↗
- →Track Android internal bug reference A-297524203 for patch availability and diff analysis to understand the exact bounds-check fix in att_protocol.cc ↗
- ·Severity is rated CRITICAL with RCE impact over Bluetooth with no privileges or user interaction required, making this a high-priority patch to apply from the 2024-02-01 Android Security Bulletin ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2024-0031: Android Security Bulletin 2024-02-01
CVE: CVE-2024-0031
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13, 14
References: A-2975242
vendor_android·2024-02-01·CVSS 9.8
CVE-2024-0031 [CRITICAL] CVE-2024-0031: Android Security Bulletin 2024-02-01
CVE: CVE-2024-0031
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13, 14
References: A-2975242
Android Security Bulletin 2024-02-01
CVE: CVE-2024-0031
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13, 14
References: A-297524203
GHSA
GHSA-h32h-58mq-6fgc: In attp_build_read_by_type_value_cmd of att_protocol
ghsa_unreviewed·2024-02-16
CVE-2024-0031 [CRITICAL] CWE-20 GHSA-h32h-58mq-6fgc: In attp_build_read_by_type_value_cmd of att_protocol
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol
osv·2024-02-01
CVE-2024-0031 CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661https://source.android.com/security/bulletin/2024-02-01https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661https://source.android.com/security/bulletin/2024-02-01
2024-02-16
Published