Logic Error in Bluetooth SDP Discovery Allows Remote Code Execution
CVE-2025-22411
Currently unrated
What is CVE-2025-22411?
A logic error in the process_service_attr_rsp function of sdp_discovery.cc in the Android Bluetooth module presents a security flaw that could allow for remote code execution. This vulnerability hinges on a use-after-free condition that could be exploited without the need for user interaction or elevated privileges. Malicious actors within proximity can take advantage of the flaw, posing a risk to the integrity of affected devices.
Affected Version(s)
Android 15