PT-2023-27252 · Google · Android

Published: 2023-12-01 · Updated: 2024-02-02 · CVE-2023-40078

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions prior to the fixed version

Description

The issue is related to a possible out of bounds write due to a heap buffer overflow in the a2dp_vendor_opus_decoder_decode_packet function of a2dp_vendor_opus_decoder.cc. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

As a temporary workaround, consider disabling the a2dp_vendor_opus_decoder_decode_packet function until a patch is available. Update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

ASB-A-275626001
CVE-2023-40078

Affected Products

Android