CVE-2022-20133
📋 TL;DR
This vulnerability allows local attackers to bypass user interaction requirements for Bluetooth discoverable timeout settings due to a missing permission check in Android's Bluetooth adapter service. It enables local privilege escalation on affected Android devices without requiring user interaction. Users running Android 10 through 12L are affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access could gain elevated system privileges, potentially compromising the entire device, accessing sensitive data, or installing persistent malware.
Likely Case
Malicious apps could abuse Bluetooth settings without user consent, potentially enabling unauthorized device pairing or Bluetooth-based attacks.
If Mitigated
With proper app sandboxing and security updates, the risk is limited to apps that have already gained execution privileges on the device.
🎯 Exploit Status
Exploitation requires local execution privileges and knowledge of the vulnerability. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Bulletin June 2022 patches
Vendor Advisory: https://source.android.com/security/bulletin/2022-06-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System update.
2. Install the June 2022 security patch or later.
3. Reboot device after installation.
🔧 Temporary Workarounds
Disable Bluetooth when not in use
Reduces attack surface by disabling Bluetooth functionality
Settings > Connected devices > Connection preferences > Bluetooth > Toggle off
Restrict app permissions
Review and restrict Bluetooth permissions for untrusted apps
Settings > Apps > [App Name] > Permissions > Nearby devices > Deny
🧯 If You Can't Patch
- Implement mobile device management (MDM) policies to restrict app installations
- Use application allowlisting to prevent unauthorized apps from running
🔍 How to Verify
Check if Vulnerable:
Check the Android version in Settings > About phone > Android version. If the version is 10, 11, 12, or 12L without the June 2022 patches, the device is vulnerable.
Check Version:
adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
Verify the Android security patch level in Settings > About phone > Android security patch level. It should show 'June 5, 2022' or later.
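The version and patch-level check above, scripted as an added example (not part of the original advisory). The function names, the `serial release patch_level` inventory format and the sample devices are constructed for illustration; the affected releases and the `2022-06-05` threshold are the values this page states.

```shell
#!/bin/sh
# Added example: classify devices for CVE-2022-20133 from the two properties
# the page reads with getprop. Thresholds below are the page's own values.
FIXED_PATCH_LEVEL="2022-06-05"   # "June 5, 2022 or later" per the page

# classify RELEASE PATCH_LEVEL -> vulnerable | patched | not-listed | unknown
classify() {
    case $1 in
        '') echo "unknown"; return 0 ;;       # property could not be read
        10|11|12|12L) ;;                      # releases the page lists as affected
        *) echo "not-listed"; return 0 ;;
    esac
    case $2 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;        # empty or malformed patch level
    esac
    # YYYY-MM-DD with the dashes removed compares correctly as an integer.
    have=$(printf '%s' "$2" | tr -d '-')
    need=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo "patched"; else echo "vulnerable"; fi
}

# check_device SERIAL: query one attached device over adb (needs adb on PATH).
check_device() {
    rel=$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    printf '%s %s\n' "$1" "$(classify "$rel" "$lvl")"
}

# classify_inventory: read "serial release patch_level" lines from stdin.
classify_inventory() {
    while read -r serial rel lvl; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify "$rel" "$lvl")"
    done
}

# Constructed sample inventory (not real devices); dev-e has no patch level.
SAMPLE_INVENTORY='dev-a 11 2022-05-05
dev-b 12 2022-06-05
dev-c 10 2023-01-01
dev-d 9 2021-10-01
dev-e 12 '

printf '%s\n' "$SAMPLE_INVENTORY" | classify_inventory
```

A result of `unknown` means a property was missing or malformed and the device should be checked by hand rather than assumed patched.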
📡 Detection & Monitoring
Log Indicators:
- Unusual Bluetooth service calls in system logs
- Permission denial errors for Bluetooth operations
Network Indicators:
- Unexpected Bluetooth pairing attempts
- Abnormal Bluetooth discovery activity
SIEM Query:
source="android_system" AND (process="com.android.bluetooth" OR service="AdapterService") AND (event="setDiscoverableTimeout" OR permission="android.permission.BLUETOOTH_ADMIN")