CVE-2024-0031 — Out-of-bounds Write in Packages Modules Bluetooth

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.4%

top 19.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Modules Bluetooth Google Android

Timeline

PublishedFeb 16

Description

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Androidplatform/packages_modules_bluetooth14-next:0 — 14-next:2024-02-01+2

▶CVEListV5google/android5 versions+4

▶NVDgoogle/android5 versions+4

Patches

Patch: android.googlesource.com ↗Patch: source.android.com ↗Patch: android.googlesource.com ↗

🔴Vulnerability Details

GHSA

GHSA-h32h-58mq-6fgc: In attp_build_read_by_type_value_cmd of att_protocol↗2024-02-16

▶

CVEList

CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol↗2024-02-16

▶

OSV

CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol↗2024-02-01

▶

📋Vendor Advisories

Android

CVE-2024-0031: Android Security Bulletin 2024-02-01 CVE: CVE-2024-0031 Severity: CRITICAL Type: RCE Affected AOSP versions: 11, 12, 12L, 13, 14 References: A-2975242↗2024-02-01

▶