CVE-2020-27024

Name of the Vulnerable Software and Affected Versions Android versions Android-11

Description In the smp br state machine event function of smp br main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. The Bounds Sanitizer mitigates this issue in the default configuration.

Recommendations For Android version Android-11, consider applying configuration changes to mitigate the risk of exploitation, such as enabling the Bounds Sanitizer in the default configuration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.