ГлавнаяУязвимости → CVE-2023-21125
8высокая

CVE-2023-21125

Описание

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Затрагиваемое ПО
Google Android
CVSS
Балл8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://android.googlesource.com/platform/system/bt/+/e7b978841deb331ff5e5849388fa92ee4c40f979https://source.android.com/security/bulletin/2025-03-01