Preface: Bluetooth is now a regular part of your mobile experience. It covers everything from audio to wireless headphones and speakers, pairing game controllers and keyboards, network connections, and even the occasional file transfer over the air.
Background: What is Bluetooth adapter in Android? The BluetoothAdapter lets you perform fundamental Bluetooth tasks, such as initiate device discovery, query a list of bonded (paired) devices, instantiate a BluetoothDevice using a known MAC address, and create a BluetoothServerSocket to listen for connection requests from other devices.
Vulnerability details: In callback_thread_event of com_android_bluetooth_btservice_AdapterService[.]cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Official announcement: This vulnerability was named CVE-2023-40088 since 9th Aug 2023 and announced to public on 5th Dec 2023. The advisory is available at:
https://source.android.com/docs/security/bulletin/2023-12-01