CVE-2024-0031
published 2024-02-16


Priority: P260
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.61% (44.8th percentile)
In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android (11 entries) | | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2024-02-01 | 13:2024-02-01 |
| platform | packages_modules_bluetooth | >= 14-next:0 < 14-next:2024-02-01 | 14-next:2024-02-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2024-02-01 | 14:2024-02-01 |

Detection & IOCs

  • Vulnerability is in the function `attp_build_read_by_type_value_cmd` within `att_protocol.cc` — monitor for crashes or anomalous Bluetooth ATT (Attribute Protocol) traffic targeting this code path, which handles Read By Type Value commands
  • No user interaction is required and no additional privileges are needed — this is a zero-click remote attack vector over Bluetooth, making any device running AOSP 11, 12, 12L, 13, or 14 a candidate target without any user action
  • Focus detection on Android devices running AOSP versions 11, 12, 12L, 13, and 14 that have not applied the 2024-02-01 Android Security Bulletin patch; audit patch level on managed devices
  • Track Android internal bug reference A-297524203 for patch availability and diff analysis to understand the exact bounds-check fix in att_protocol.cc
  • Severity is rated CRITICAL with RCE impact over Bluetooth with no privileges or user interaction required, making this a high-priority patch to apply from the 2024-02-01 Android Security Bulletin
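
The patch-level audit suggested above can be scripted against a device inventory. This is an added example, not code from this page or from AOSP. It assumes a CSV export with `serial`, `sdk` and `security_patch` columns (the values of the `ro.build.version.sdk` and `ro.build.version.security_patch` system properties); the serials are constructed, and the mapping of AOSP 11 through 14 to API levels 30 through 34 is supplied here rather than taken from the page.

```python
import csv
import io
from datetime import date

# Affected releases per the page: AOSP 11, 12, 12L, 13, 14.
# Assumption of this example: these correspond to API levels 30-34.
AFFECTED_SDK_LEVELS = {30, 31, 32, 33, 34}
# Patch level named on the page (2024-02-01 Android Security Bulletin).
FIXED_PATCH_LEVEL = date(2024, 2, 1)

# Constructed sample inventory; serials and values are illustrative only.
SAMPLE_INVENTORY = """\
serial,sdk,security_patch
EXAMPLE-0001,34,2024-02-05
EXAMPLE-0002,33,2024-01-05
EXAMPLE-0003,32,2023-11-01
EXAMPLE-0004,29,2022-06-01
EXAMPLE-0005,31,unknown
EXAMPLE-0006,34,2024-02-01
"""

def classify(sdk, security_patch):
    """Return 'patched', 'vulnerable', 'out_of_scope' or 'review'."""
    try:
        sdk_level = int(sdk)
    except (TypeError, ValueError):
        return "review"  # cannot tell which release this is
    if sdk_level not in AFFECTED_SDK_LEVELS:
        # Not in the page's affected list; this is not a statement of safety.
        return "out_of_scope"
    try:
        patch = date.fromisoformat((security_patch or "").strip())
    except ValueError:
        return "review"  # missing or malformed patch level needs a human look
    return "patched" if patch >= FIXED_PATCH_LEVEL else "vulnerable"

def audit(inventory_csv):
    """Map each device serial in the CSV text to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["serial"]: classify(row["sdk"], row["security_patch"])
            for row in reader}

if __name__ == "__main__":
    for serial, status in audit(SAMPLE_INVENTORY).items():
        print(f"{serial}: {status}")
```

Devices reported as `review` have an unreadable SDK or patch level and should be checked by hand rather than assumed patched.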