PT-2025-1031 · Google · Android
Published 2025-01-01 · Updated 2025-01-23 · CVE-2024-43096
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Android versions prior to the January 5, 2025 patch
Description
The issue is related to a missing bounds check in the build_read_multi_rsp function of gatt_sr.cc, which could lead to a possible out-of-bounds write. This could result in remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability is associated with incorrect code generation management in the Android operating system.
Recommendations
Update devices running Android versions prior to the January 5, 2025 patch to that patch level as soon as possible to avoid remote access and data breaches. Enable auto-updates and be cautious online. As a temporary workaround, consider restricting access to the build_read_multi_rsp function and the tGATT_SR_CMD until a patch is available. Avoid setting the mtu parameter to zero in the request parameters. Restrict the use of multiple invalid or controlled handles.
Fix
RCE
Memory Corruption
Code Injection
Buffer Overflow
Related Identifiers
Affected Products
Android