CVE-2023-21197

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to read memory beyond intended bounds in Android's Bluetooth stack, potentially disclosing sensitive information without user interaction. It affects Android 13 devices, particularly those with specific Bluetooth configurations.

💻 Affected Systems

Products:
  • Android
Versions: Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the Bluetooth stack; devices with Bluetooth enabled are at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote information disclosure could leak sensitive data like device identifiers or Bluetooth session details, potentially aiding further attacks.

🟠 Likely Case

Limited information disclosure, such as memory contents from the Bluetooth process, with minimal direct impact on device integrity.

🟢 If Mitigated

No impact if patched or if Bluetooth is disabled on affected devices.

🌐 Internet-Facing: MEDIUM. Exploitation needs Bluetooth proximity rather than an internet connection, so a remote attacker must be within Bluetooth range of the device.
🏢 Internal Only: LOW. This is a device-specific vulnerability that is not typically exploitable over internal networks without Bluetooth access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Bluetooth access and knowledge of the vulnerability, but no user interaction or privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security updates from June 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Android Settings.
2. Install the latest security patch.
3. Restart the device to apply changes.

🔧 Temporary Workarounds

Disable Bluetooth

Turn off Bluetooth to prevent exploitation via this vulnerability.

Settings > Connected devices > Connection preferences > Bluetooth > Toggle off

🧯 If You Can't Patch

  • Disable Bluetooth when not in use to reduce attack surface.
  • Limit Bluetooth visibility and pairing to trusted devices only.

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version and Security update level.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Ensure security patch level is June 2023 or later; if so, the fix is applied.
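
The check above, scripted for several attached devices. This is an added example, not part of the original advisory; the function names classify_patch and check_fleet are hypothetical, and it assumes adb is on PATH with the devices already authorized.

```shell
#!/bin/sh
# Added example: classify devices against the page's fix criterion
# (Android 13, security patch level June 2023 or later).
FIXED_YM=202306   # "June 2023" from the advisory, written as YYYYMM

# classify_patch RELEASE PATCH_LEVEL
# Prints PATCHED, VULNERABLE, NOT_AFFECTED or UNKNOWN.
classify_patch() {
    # adb shell output can carry a trailing carriage return; strip it.
    release=$(printf '%s' "$1" | tr -d '\r')
    patch=$(printf '%s' "$2" | tr -d '\r')
    # The property is expected as YYYY-MM-DD; anything else is not trusted.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Only Android 13 is listed as affected on this page.
    case $release in
        13|13.*) ;;
        '') echo UNKNOWN; return 0 ;;
        *) echo NOT_AFFECTED; return 0 ;;
    esac
    ym=$(printf '%s' "$patch" | cut -c1-4,6-7)   # 2023-06-01 -> 202306
    if [ "$ym" -ge "$FIXED_YM" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# check_fleet: one result line per device that adb lists in the "device" state.
check_fleet() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from consuming the serial list on stdin.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\tAndroid %s\t%s\t%s\n' "$serial" "$rel" "$lvl" "$(classify_patch "$rel" "$lvl")"
    done
}

# Query attached devices only when asked, so the file can also be sourced.
if [ "${1:-}" = "--adb" ]; then check_fleet; fi
```

Run it with --adb to query attached devices; a device reported as UNKNOWN returned an empty or malformed property and should be checked by hand in Settings.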

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth stack crashes or errors in system logs, such as in logcat.

Network Indicators:

  • Anomalous Bluetooth connection attempts or packet patterns from untrusted sources.

SIEM Query:

Search for logs containing 'btm_acl' errors or Bluetooth service crashes on Android devices.
