Executive Summary

CVE-2023-35657 is an out-of-bounds (OOB) read vulnerability in the Android Bluetooth module, specifically in the Fluoride Bluetooth stack. It occurs because the function bta_av_setconfig_rej incorrectly assumes the type of a union member passed to it, leading to reading memory outside the intended bounds. This type confusion causes the function to access invalid memory, which can disclose local information without needing any special privileges or user interaction. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to local information disclosure on affected Android devices. An attacker could exploit this flaw to read sensitive data from memory without requiring additional execution privileges or user interaction. While it does not allow code execution or remote attacks, the exposure of local information could be leveraged in further attacks or to compromise user privacy. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by building and running the Fluoride Bluetooth stack with the provided fix and running its automated libbluetooth tests and manual tests. The Fluoride Bluetooth daemon (btadapterd) can be run on Linux to monitor Bluetooth interfaces (default hci0). There are no specific detection commands provided, but setting up the build environment and running the tests as described in the resource can help identify the issue. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves updating the Fluoride Bluetooth stack to include the fix committed on April 5, 2024, which corrects the out-of-bounds read by modifying the function bta_av_setconfig_rej to avoid incorrect union member assumptions. If using affected Android or Linux systems with the Fluoride Bluetooth stack, apply the patch or update to a version including this fix. Additionally, running the updated btadapterd daemon can help ensure the vulnerability is addressed. [1]

Useful 0 Not Useful 0