First published: Mon Dec 04 2023(Updated: )
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =12.1 | |
Google Android | =13.0 | |
Google Android | =14.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-40090 is a vulnerability in the BTM_BleVerifySignature function of btm_ble.cc in Google Android, which allows bypassing of signature validation.
CVE-2023-40090 can be exploited by leveraging a side channel information disclosure to bypass signature validation, leading to remote escalation of privilege.
CVE-2023-40090 has a severity level of high.
No, user interaction is not needed for the exploitation of CVE-2023-40090.
To fix CVE-2023-40090, it is recommended to apply the necessary security updates provided by Google for Android.