Platform System Bt vulnerabilities

CVE-2023-21125 CVE-2023-21125: In btif_hh_hsdata_rpt_copy_cb of bta_hh In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0079 CVE-2025-0079: In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43771 CVE-2024-43771: In gatts_process_read_req of gatt_sr In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43763 CVE-2024-43763: In build_read_multi_rsp of gatt_sr In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43096 CVE-2024-43096: In build_read_multi_rsp of gatt_sr In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49747 CVE-2024-49747: In gatts_process_read_by_type_req of gatt_sr In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34722 CVE-2024-34722: In smp_proc_rand of smp_act In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43770 CVE-2024-43770: In gatts_process_find_info of gatt_sr In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49748 CVE-2024-49748: In gatts_process_primary_service_req of gatt_sr In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34730 CVE-2024-34730: In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40129 CVE-2023-40129: In build_read_multi_rsp of gatt_sr In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35666 CVE-2023-35666: In bta_av_rc_msg of bta_av_act In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21273 CVE-2023-21273: In SDP_AddAttribute of sdp_db In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21250 CVE-2023-21250: In gatt_end_operation of gatt_utils In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21115 CVE-2023-21115: In btm_sec_encrypt_change of btm_sec In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20967 CVE-2023-20967: In avdt_scb_hdl_pkt_no_frag of avdt_scb_act In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20952 CVE-2023-20952: In A2DP_BuildCodecHeaderSbc of a2dp_sbc In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20954 CVE-2023-20954: In SDP_AddAttribute of sdp_db In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20951 CVE-2023-20951: In gatt_process_prep_write_rsp of gatt_cl In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20931 CVE-2023-20931: In avdt_scb_hdl_write_req of avdt_scb_act In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.