CVE-2024-43096

High

Published: 21 January 2025

Published

21 January 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0025 48.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Security Summary

CVE-2024-43096 is a vulnerability in the build_read_multi_rsp function of gatt_sr.cc, which is part of the Android Bluetooth GATT server implementation. The issue arises from a missing bounds check, enabling an out-of-bounds write (CWE-787). It was published on January 21, 2025, with a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker within adjacent physical proximity can exploit this vulnerability remotely over Bluetooth to achieve code execution. No additional execution privileges, user interaction, or authentication are required, making it accessible to unauthenticated adversaries with low-complexity attacks.

The Android Security Bulletin dated January 1, 2025, addresses this vulnerability with patches for affected Android versions, recommending that users and administrators apply the latest security updates to mitigate the risk.

Details

CWE(s): CWE-787

Affected Products

google

android

12.0, 12.1, 13.0, 14.0, 15.0

References

https://source.android.com/security/bulletin/2025-01-01
Vendor Advisory · security@android.com