CVE-2023-35673
📋 TL;DR
This CVE describes an integer overflow vulnerability in Android's Bluetooth stack (gatt_sr.cc) that allows remote attackers within Bluetooth range to execute arbitrary code without user interaction. It affects Android devices with vulnerable Bluetooth implementations, potentially enabling complete device compromise.
💻 Affected Systems
- Android devices with Bluetooth functionality
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full device compromise, data theft, persistence, and lateral movement within Bluetooth range.
Likely Case
Device crash/DoS or limited code execution for privilege escalation and data access.
If Mitigated
No impact if patched or Bluetooth disabled; limited impact with network segmentation.
🎯 Exploit Status
No authentication required, but requires Bluetooth proximity and specific packet crafting.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: September 2023 Android Security Patch or later
Vendor Advisory: https://source.android.com/security/bulletin/2023-09-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System update.
2. Install September 2023 or later security patch.
3. Reboot device after installation.
🔧 Temporary Workarounds
Disable Bluetooth
Turn off Bluetooth when not in use to prevent exploitation
adb shell settings put global bluetooth_on 0
Settings > Connected devices > Connection preferences > Bluetooth > Toggle off
Restrict Bluetooth visibility
Set Bluetooth to non-discoverable mode to reduce attack surface
Settings > Connected devices > Connection preferences > Bluetooth > Device name > Turn off 'Make device discoverable'
🧯 If You Can't Patch
- Disable Bluetooth completely on all vulnerable devices
- Implement physical security controls to restrict Bluetooth proximity to untrusted devices
🔍 How to Verify
Check if Vulnerable:
Check the Android security patch level in Settings > About phone > Android version > Security patch level. If it is earlier than September 2023, the device is vulnerable.
Check Version:
adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
Verify that the security patch level shows a date of September 2023 or later.
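The patch-level check above as a script, added here as an example and not taken from the advisory or from Google. The names `patch_status` and `check_device` are hypothetical, and the `FIXED_LEVEL` threshold of 2023-09-01 is an assumption derived from the "September 2023 or later" wording on this page; the sample values are constructed.

```shell
#!/bin/sh
# Classify a device from the value of ro.build.version.security_patch.
# FIXED_LEVEL is an assumption: first day of the month this page names as fixed.
FIXED_LEVEL="2023-09-01"

# patch_status LEVEL -> prints "patched", "vulnerable" or "unknown"
patch_status() {
    # adb output can carry a trailing CR or newline; strip all whitespace.
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    # Accept only YYYY-MM-DD. An empty or malformed value is not evidence
    # of a fix, so it is reported as unknown rather than patched.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Zero-padded ISO dates compare correctly as integers without the dashes.
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_device SERIAL: query one attached device (requires adb on PATH).
# Not called below, so the script runs without a device connected.
check_device() {
    raw=$(adb -s "$1" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
    printf '%s\t%s\t%s\n' "$1" "${raw:-<none>}" "$(patch_status "$raw")"
}

# Constructed sample values, shaped like getprop output (not from real devices).
for sample in "2023-08-05" "2023-09-01" "2024-01-05" "" "2023-9-1"; do
    printf '%-12s %s\n' "${sample:-<empty>}" "$(patch_status "$sample")"
done
```

For a fleet, call `check_device` once per serial listed by `adb devices` and treat every `unknown` result as needing manual review.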
📡 Detection & Monitoring
Log Indicators:
- Bluetooth stack crashes in logcat
- Unexpected Bluetooth GATT operations
- Multiple failed Bluetooth connection attempts from unknown devices
Network Indicators:
- Unusual Bluetooth traffic patterns
- Malformed Bluetooth packets
- Connection attempts to multiple devices in short time
SIEM Query:
source="android_logs" (("Bluetooth" "crash") OR ("GATT" "error")) | stats count by device_id
🔗 References
- https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc
- https://source.android.com/security/bulletin/2023-09-01