CVE-2023-20991

4.4 MEDIUM

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Android's Bluetooth Low Energy (BLE) scanner component. It allows local information disclosure when exploited by an attacker with system execution privileges, affecting Android 13 devices. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices running Android 13. Requires system execution privileges for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with system privileges could read sensitive memory contents from adjacent processes, potentially exposing cryptographic keys, authentication tokens, or other protected data.

🟠 Likely Case

Limited information disclosure of non-critical memory contents due to the need for system privileges and the specific nature of the BLE component.

🟢 If Mitigated

Minimal impact if proper privilege separation and memory protection mechanisms are in place.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring system privileges, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - While it requires system privileges, it could be exploited by malicious apps or compromised system components within the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires system privileges and knowledge of the specific memory layout. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level June 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the June 2023 or later Android security patch.
3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

android

Reduces attack surface by disabling the vulnerable BLE component

adb shell settings put global bluetooth_on 0

🧯 If You Can't Patch

  • Restrict installation of untrusted applications that could gain system privileges
  • Implement strict privilege separation and monitor for unusual system process behavior

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is June 2023 or later in Settings > About phone > Android version
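
The check above can be scripted for several devices at once. The following is an added example, not vendor or project code: it classifies a device from the two facts stated on this page (Android 13 affected, fixed at the June 2023 patch level). The threshold 2023-06-01, the function names, the --scan flag and the use of ro.build.version.release are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify devices for CVE-2023-20991 from Android release
# and security patch level. Threshold is an assumption taken from this
# page's "June 2023 or later" statement.
FIXED_SPL="2023-06-01"

# classify_device RELEASE PATCH_LEVEL
# Prints one of: not-affected | patched | vulnerable | unknown
classify_device() {
    release=$1
    spl=$2

    # Only Android 13 is listed as affected.
    case $release in
        13|13.*) ;;
        "") echo unknown; return 0 ;;
        *) echo not-affected; return 0 ;;
    esac

    # The patch level property is formatted YYYY-MM-DD; anything else
    # (empty, truncated, vendor-modified) is reported instead of guessed.
    case $spl in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac

    # Drop the dashes so the dates compare as plain integers.
    have=$(printf '%s' "$spl" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_SPL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# scan_devices: run the check against every device adb lists as online.
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops "adb shell" from swallowing the serial list.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\tandroid=%s\tspl=%s\t%s\n' \
            "$serial" "$rel" "$spl" "$(classify_device "$rel" "$spl")"
    done
}

# adb is only invoked when the script is run with --scan.
if [ "${1:-}" = "--scan" ]; then scan_devices; fi
```

A result of unknown means the property was missing or malformed and the device needs a manual check in Settings.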

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth stack crashes or memory access violations in system logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_system" AND (event="btm_ble_process_periodic_adv_sync_lost_evt" OR error="memory_access_violation")
