Link Key Type Downgrade Vulnerability in btm_sec_encrypt_change of btm_sec.cc

Link Key Type Downgrade Vulnerability in btm_sec_encrypt_change of btm_sec.cc

CVE-2023-21115 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033

Learn more about our Cis Benchmark Audit For Google Android.