CVE-2025-26441
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-08
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 | |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-26441 is an out-of-bounds (OOB) read vulnerability in the Android Bluetooth module, specifically in the add_attr function of the sdp_discovery.cc file. The issue occurs when the function attempts to read beyond the valid memory boundary because it lacks a proper bounds check. This happens when a pointer is exactly one byte short of its end pointer, causing the function to read the type of the next attribute outside the allowed memory range. This flaw can lead to unintended information disclosure. [1]
How can this vulnerability impact me?
This vulnerability can lead to remote information disclosure without requiring any additional execution privileges or user interaction. An attacker could exploit this flaw remotely via Bluetooth to read sensitive memory contents, potentially exposing private data from the affected device. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-26441 involves verifying if the affected Android Bluetooth module with the vulnerable add_attr function is present and unpatched. Since the vulnerability is an out-of-bounds read in the SDP discovery code, direct detection via network commands is not specified. However, you can check the Bluetooth daemon version or build to see if the patch commit 5e3953251ab50bcdb6058f5e5afc82d6271c6e1e is applied. On Linux systems running the Fluoride Bluetooth stack, you can check the btadapterd version or rebuild from source with the fixed code. No specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Android Bluetooth module or the Fluoride Bluetooth stack to include the patch that adds the missing boundary check in the add_attr function. This involves applying the commit 5e3953251ab50bcdb6058f5e5afc82d6271c6e1e to the source code and rebuilding the Bluetooth stack. For Linux environments, follow the build instructions using the provided build.py script with the --run-bootstrap option to ensure dependencies and patches are correctly applied. Running the updated Bluetooth daemon (btadapterd) will mitigate the vulnerability. No user interaction is needed for exploitation, so patching promptly is critical. [1]
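The bug class described in the answers above (a parser that reads an attribute header when only one byte remains before the end pointer) and the kind of boundary check the fix adds, as an added illustration in C. This is not the AOSP `add_attr` code or the actual patch; the record layout, function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout for illustration (not the SDP wire format):
 * [type:1][len:1][payload:len], repeated until `end`. */

/* Constructed sample: the first 5 bytes are the attribute list; the rest
 * stands in for adjacent memory the parser must never read. */
static const uint8_t sample[8] = {0x09, 0x02, 0xAA, 0xBB, 0x19, 0x01, 0x5E, 0x00};

/* Unchecked walk: `p < end` guarantees only ONE readable byte, yet a 2-byte
 * header is consumed. Returns how many header bytes were read at or past
 * `end`; *last_len receives the last length byte that was read. */
size_t walk_unchecked(const uint8_t *p, const uint8_t *end, uint8_t *last_len) {
    size_t overread = 0;
    while (p < end) {
        p++;                          /* type byte: in bounds */
        if (p >= end) overread++;     /* length byte lies outside the list */
        *last_len = *p++;             /* ...but is read anyway */
        p += *last_len;
    }
    return overread;
}

/* Checked walk: compare the remaining byte count before every read.
 * Returns the number of complete attributes, or -1 if the list is truncated. */
int walk_checked(const uint8_t *p, const uint8_t *end) {
    int count = 0;
    while (p < end) {
        if ((size_t)(end - p) < 2) return -1;    /* header incomplete */
        uint8_t len = p[1];
        p += 2;
        if ((size_t)(end - p) < len) return -1;  /* payload incomplete */
        p += len;
        count++;
    }
    return count;
}

int main(void) {
    uint8_t leaked = 0;
    size_t over = walk_unchecked(sample, sample + 5, &leaked);
    printf("unchecked: %zu byte(s) past end, value 0x%02X\n", over, leaked);
    printf("checked, truncated list: %d\n", walk_checked(sample, sample + 5));
    printf("checked, well-formed list: %d\n", walk_checked(sample, sample + 4));
    return 0;
}
```

The checked version compares `end - p` against the needed size instead of computing `p + n`, so the test itself cannot step the pointer past the buffer.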