PT-2023-5677 · Google · Android

Hui Peng · Published 2023-10-01 · Updated 2025-12-06 · CVE-2023-40129

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified)
Description: The Android Bluetooth stack contains a flaw in the build_read_multi_rsp() function of gatt_sr.cc, the GATT server code that assembles the response to an ATT Read Multiple request. The handler for the GATT_REQ_READ_MULTI_VAR opcode (Read Multiple Variable Length) does not sufficiently validate the request, so the arithmetic that computes the total response size can underflow and the response is written past the end of its heap buffer. An attacker within Bluetooth range who can send crafted Read Multiple requests to the device triggers the heap corruption without any user interaction or authentication. The result is at least a crash of the Bluetooth daemon (denial of service) and, under favorable heap conditions, remote code execution inside that daemon. The corruption has been demonstrated on devices using jemalloc (Xiaomi 12T) and Scudo (Samsung A54), the two heap allocators commonly found on Android builds.
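The size-accounting bug pattern described above, shown as an added illustrative model rather than the AOSP gatt_sr.cc code: attribute storage, MTU negotiation and the exact arithmetic of the real build_read_multi_rsp() are simplified, and the function names (build_read_multi_rsp_vulnerable, build_read_multi_rsp_fixed, canary_intact_after, attr_value_t) are this example's own. What is taken from the ATT specification is only the response layout: opcode 0x21 followed by a list of (2-byte little-endian length, value) tuples, with a default ATT MTU of 23 bytes. The vulnerable builder subtracts each tuple's size from the remaining space with unsigned arithmetic and never checks it first, so one oversized value wraps the counter and the copy runs past the PDU; the fixed builder checks before copying. The overflow is made observable without undefined behaviour by running both builders inside a larger canary-filled backing buffer and checking whether bytes beyond the declared MTU were touched. The sample attribute values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATT_MTU 23                     /* default ATT MTU */
#define ATT_RSP_READ_MULTI_VAR 0x21    /* ATT_READ_MULTIPLE_VARIABLE_RSP opcode */
#define CANARY 0xA5

typedef struct {
    const uint8_t *value;
    size_t len;
} attr_value_t;

typedef size_t (*builder_fn)(uint8_t *, size_t, const attr_value_t *, size_t);

/* Vulnerable model: `remaining` is tracked with unsigned arithmetic and is
 * never compared against the tuple size before the copy, so a value larger
 * than the space left wraps `remaining` and memcpy() writes past `rsp`. */
size_t build_read_multi_rsp_vulnerable(uint8_t *rsp, size_t mtu,
                                       const attr_value_t *attrs, size_t n)
{
    size_t pos = 0;
    size_t remaining = mtu - 1;            /* payload space after the opcode */
    rsp[pos++] = ATT_RSP_READ_MULTI_VAR;
    for (size_t i = 0; i < n; i++) {
        size_t len = attrs[i].len;
        remaining -= 2 + len;              /* BUG: underflows when 2+len > remaining */
        rsp[pos++] = (uint8_t)(len & 0xff);
        rsp[pos++] = (uint8_t)(len >> 8);
        memcpy(rsp + pos, attrs[i].value, len);   /* heap overflow when wrapped */
        pos += len;
        if (remaining == 0)
            break;
    }
    return pos;
}

/* Hardened model: check the space before every write and truncate the value
 * to what fits. The length field still carries the attribute's full length;
 * the exact truncation rule the real stack follows is not modelled here. */
size_t build_read_multi_rsp_fixed(uint8_t *rsp, size_t mtu,
                                  const attr_value_t *attrs, size_t n)
{
    if (mtu < 1)
        return 0;
    size_t pos = 0;
    size_t remaining = mtu - 1;
    rsp[pos++] = ATT_RSP_READ_MULTI_VAR;
    for (size_t i = 0; i < n && remaining >= 2; i++) {
        size_t len = attrs[i].len;
        size_t copy = len;
        if (2 + copy > remaining)
            copy = remaining - 2;          /* only what fits in the PDU */
        rsp[pos++] = (uint8_t)(len & 0xff);
        rsp[pos++] = (uint8_t)(len >> 8);
        memcpy(rsp + pos, attrs[i].value, copy);
        pos += copy;
        remaining -= 2 + copy;
        if (copy < len)
            break;                         /* a partial value ends the response */
    }
    return pos;
}

/* Run a builder against a PDU of `mtu` bytes that sits at the start of a
 * larger canary-filled backing buffer; report whether any byte at or beyond
 * `mtu` was modified. Returns 1 if the canary is intact, 0 if it was hit. */
int canary_intact_after(builder_fn build, size_t mtu,
                        const attr_value_t *attrs, size_t n, size_t *written)
{
    uint8_t backing[256];                  /* mtu + slack; mtu must be < 128 */
    memset(backing, CANARY, sizeof backing);
    *written = build(backing, mtu, attrs, n);
    for (size_t i = mtu; i < sizeof backing; i++)
        if (backing[i] != CANARY)
            return 0;
    return 1;
}

/* Constructed sample requests. `fits_req` needs 1 + (2+5) + (2+4) = 14 bytes
 * and fits in a 23-byte PDU; `oversized_req` needs 1 + 2 + 30 = 33 bytes. */
static const uint8_t sample_a[5] = {1, 2, 3, 4, 5};
static const uint8_t sample_b[4] = {6, 7, 8, 9};
static const uint8_t sample_big[30] = {0};           /* contents irrelevant */
static const attr_value_t fits_req[2] = {{sample_a, 5}, {sample_b, 4}};
static const attr_value_t oversized_req[1] = {{sample_big, sizeof sample_big}};

int main(void)
{
    size_t w = 0;
    int ok = canary_intact_after(build_read_multi_rsp_vulnerable, ATT_MTU,
                                 oversized_req, 1, &w);
    printf("vulnerable builder: wrote %zu bytes into a %d-byte PDU, canary %s\n",
           w, ATT_MTU, ok ? "intact" : "CORRUPTED");
    ok = canary_intact_after(build_read_multi_rsp_fixed, ATT_MTU,
                             oversized_req, 1, &w);
    printf("fixed builder: wrote %zu bytes, canary %s\n",
           w, ok ? "intact" : "CORRUPTED");
    return 0;
}
```

With the 30-byte value the vulnerable builder emits 33 bytes for a 23-byte PDU and tramples the canary, which is the shape of corruption the advisory describes; the fixed builder stops at exactly 23 bytes. For a request whose tuples fit, both builders produce the same 14-byte response, so the check costs nothing on the normal path.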
Recommendations: The Android reference ASB-A-273874525 listed under Related Identifiers corresponds to the Android Security Bulletin for October 2023, which ships the fix for CVE-2023-40129. Update affected devices to a build with security patch level 2023-10-01 or later. Until a patched build is available, keep Bluetooth disabled or non-discoverable on exposed devices, since the flaw is reachable by any peer in Bluetooth range without user interaction.

RCE

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ASB-A-273874525
BDU:2023-06345
CVE-2023-40129

Affected Products

Android