CVE-2024-0039
published 2024-03-11

Priority P264 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.51% (71.3th percentile)
In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

12 ranges

Vendor | Product | Version range | Fixed in
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
platform | packages_modules_bluetooth | >= 13:0 < 13:2024-03-01 | 13:2024-03-01
platform | packages_modules_bluetooth | >= 14-next:0 < 14-next:2024-03-01 | 14-next:2024-03-01
platform | packages_modules_bluetooth | >= 14:0 < 14:2024-03-01 | 14:2024-03-01

Detection & IOCs (extracted from sources)

  • Vulnerability exists in the function `attp_build_value_cmd` within `att_protocol.cc` — monitor for anomalous Bluetooth ATT (Attribute Protocol) traffic or crashes originating from this code path
  • No user interaction required and no additional privileges needed — exploit can be delivered entirely remotely over Bluetooth, making passive/unauthenticated BT connections a key detection surface
  • Affected Android versions are 12, 12L, 13, and 14 — prioritize detection and patching on unpatched devices running these AOSP versions
  • This is a CRITICAL-rated RCE with no user interaction required; the Android Security Bulletin classifies it as Type RCE, meaning exploitation requires only Bluetooth proximity/reachability with no victim action