CVE-2023-40090

Summary

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
GoogleAndroid14affected
GoogleAndroid13affected
GoogleAndroid12Laffected
GoogleAndroid12affected
GoogleAndroid11affected

Weaknesses

  • Elevation of privilege

ADP Enrichment

CVE Program Container

Additional References

References