12 matches found
CVE-2021-0319
In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with Use...
CVE-2024-0028
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0028
The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...
CVE-2023-20929
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-20929
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-1006
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-1006
CVE-2021-1006 affects Android 12 where DatabaseManager.java functions leak Bluetooth MAC addresses via log information disclosure. The root cause is log exposure of MAC addresses, enabling local information disclosure with System privileges needed (no user interaction). Exploitation details are n...
CVE-2021-1006
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0549
In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0549
In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0549
CVE-2021-0549 affects Android 11 (Android-11) Bluetooth stack; the vulnerability is in sspRequestCallback within BondStateMachine.java, where log statements can leak Bluetooth MAC addresses, causing local information disclosure with potentially SYSTEM-level privileges. The issue is confirmed acro...
CVE-2021-0319
In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with Use...