CVE-2023-40080

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 4, 2023

Updated: Feb 15, 2024

CWE ID 787

Summary

CVE-2023-40080 is a recently disclosed vulnerability affecting multiple functions in the btm_ble_gap.cc file. A logic error in the code allows for a possible out-of-bounds write, resulting in local privilege escalation. Notably, no additional execution privileges are required for an attacker to exploit this vulnerability, and user interaction is not a prerequisite. This issue could potentially have serious consequences if left unaddressed in Bluetooth Low Energy (BLE) applications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRbnlO
https://www.cve.org/CVERecord?id=CVE-2023-40080
https://nvd.nist.gov/vuln/detail/CVE-2023-40080

Back to Vulnerability Database