2 matches found
CVE-2023-21108
In sdpubuilduuidseq of sdpdiscovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-21108
CVE-2023-21108 affects Android 11–13 via the Bluetooth SDP discovery path: in sdpu_build_uuid_seq of sdp_discovery.cc, an out-of-bounds write caused by a use-after-free can lead to remote code execution if Hands Free Profile (HFP) is enabled. No user interaction is required. The vulnerability is ...