Use After Free Vulnerability in Bluetooth Stack Affects Android Devices
CVE-2023-21125

Currently unrated

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 26 August 2025

What is CVE-2023-21125?

A critical use-after-free vulnerability has been identified in the Android Bluetooth stack, in the function btif_hh_hsdata_rpt_copy_cb of bta_hh.cc. The resulting memory corruption could enable local privilege escalation via Bluetooth, with no additional execution privileges needed and no user interaction required. Devices running affected versions of Android are therefore at significant risk and need immediate attention and remediation.

Affected Version(s)

Android 12L

Android 12
