Platform Packages Apps Bluetooth vulnerabilities

CVE-2025-0092 CVE-2025-0092: In handleBondStateChanged of AdapterService In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-0093 CVE-2025-0093: In handleBondStateChanged of AdapterService In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-34730 CVE-2024-34730: In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34719 CVE-2024-34719: In multiple locations, there is a possible permissions bypass due to a missing null check In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20467 CVE-2022-20467: In isBluetoothShareUri of BluetoothOppUtility In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20133 CVE-2022-20133: In setDiscoverableTimeout of AdapterService In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20126 CVE-2022-20126: In setScanMode of AdapterService In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20207 CVE-2022-20207: In TBD of GattDebugUtils In TBD of GattDebugUtils.java, there is a possible permission bypass due to accidentally enabling debug_admin . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-1017 CVE-2021-1017: In AdapterService and GattService definition of AndroidManifest In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-1006 CVE-2021-1006: In several functions of DatabaseManager In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0604 CVE-2021-0604: In generateFileInfo of BluetoothOppSendFileInfo In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0588 CVE-2021-0588: In processInboundMessage of MceStateMachine In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0549 CVE-2021-0549: In sspRequestCallback of BondStateMachine In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0328 CVE-2021-0328: In onBatchScanReports and deliverBatchScan of GattService In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0329 CVE-2021-0329: In several native functions called by AdvertiseManager In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-12856 CVE-2020-12856: In smp_decide_association_model of smp_act In smp_decide_association_model of smp_act.cc, there is a possible silent bluetooth pairing due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0410 CVE-2020-0410: In setNotification of SapServer In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.