CRITICAL🇵🇱 Wersja polska

CVE-2025-22435

CVSS 9.8v3.1pub. 2025-09-02upd. 2025-09-04

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🤖 AI Analysis
How it works

The bug lies in improper handling of data types (CWE-843 — type confusion) in the avdt_msg_ind function responsible for processing AVDT protocol messages (Audio/Video Distribution Transport). An attacker with a previously paired Bluetooth device can send a specially crafted message that causes memory corruption. Exploitation does not require any additional privileges on the attacker's side or user interaction from the victim.

Impact

A paired malicious Bluetooth device can gain elevated privileges on a vulnerable Android device (privilege escalation), which consequently may lead to full system takeover.

Mitigation & patch

Security patches available from the manufacturer should be applied according to references — the fix was published as part of the Android Security Bulletin dated 2025-04-01 (commit efa5f4ef386a8947f4777840c5cefff389740e86 in the Bluetooth module). It is recommended to update the Android system to a version containing the security patch from the mentioned bulletin as soon as possible.

Who is affected

Google Android — versions indicated in the manufacturer's references (Android Security Bulletin dated 2025-04-01)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    13.014.015.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...