Use After Free Vulnerability in Bluetooth Stack Affects Android Devices
CVE-2023-21125

8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 26 August 2025

What is CVE-2023-21125?

A critical use after free vulnerability has been identified in the Bluetooth stack of Android, specifically in the function btif_hh_hsdata_rpt_copy_cb of bta_hh.cc. This flaw allows for potential memory corruption that could enable local privilege escalation via Bluetooth without the need for additional execution privileges or user interaction. Consequently, this vulnerability poses significant security risks for devices running affected versions of Android, necessitating immediate attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android 12L

Android 12

References

https://android.googlesource.com/platform/system/bt/+/e7b...

https://source.android.com/security/bulletin/2025-03-01

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Nov 3, 2022

JSON

Google

What is CVE-2023-21125?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.