PT-2023-17768 · Google · Android

Published 2023-03-24 · Updated 2023-06-28 · CVE-2023-20980

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android versions prior to Android-13

Description

The issue is related to a possible out of bounds read in the Bluetooth server due to a missing bounds check in the btu_ble_ll_conn_param_upd_evt function of btu_hcif.cc. This could lead to local information disclosure with System execution privileges needed, and user interaction is not required for exploitation.

Recommendations

For Android versions prior to Android-13, update to Android-13 or a later version to resolve the issue. As a temporary workaround, consider restricting access to the Bluetooth server to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2023-20980

Affected Products

Android