First published: Mon Oct 30 2023(Updated: )
In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =14.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Bluetooth vulnerability is CVE-2023-21361.
CVE-2023-21361 has a severity rating of 8.8 (high).
The vulnerability affects devices running Google Android 14.0.
CVE-2023-21361 exploits a use after free vulnerability in Bluetooth, allowing execution of malicious code.
No, user interaction is not needed for the exploitation of CVE-2023-21361.