1. Home
  2. CVE Database
  3. CVE-2023-21125
HIGH · 8.0

CVE-2023-21125

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execut...

Vulnerability Description

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GoogleAndroid12.0

Related Weaknesses (CWE)

CWE-416

References

FAQ

What is CVE-2023-21125?

CVE-2023-21125 is a vulnerability with a CVSS score of 8.0 (HIGH). In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execut...

How severe is CVE-2023-21125?

CVE-2023-21125 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-21125?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android.