CVE-2020-0138

CRITICAL

Android 10 - Out-of-bounds Write in btif_rc.cc get_element_attr_rsp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0138. PoCs published by Satheesh575555.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0138, targeting the Fluoride Bluetooth stack in Android. The exploit includes build scripts and source code for the Bluetooth stack, focusing on the SBC decoder component where the vulnerability resides.

Description

In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416

Exploits (1)

nomisec WORKING POC
by Satheesh575555 · poc
https://github.com/Satheesh575555/system_bt_AOSP10_r33-CVE-2020-0138

This repository contains a proof-of-concept exploit for CVE-2020-0138, targeting the Fluoride Bluetooth stack in Android. The exploit includes build scripts and source code for the Bluetooth stack, focusing on the SBC decoder component where the vulnerability resides.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Fluoride Bluetooth stack (AOSP 10 r33)
No auth needed
Prerequisites: Access to a vulnerable Android device with Bluetooth enabled · Proximity to the target device for Bluetooth exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/pixel/2020-06-01

Scores

CVSS v3 9.8
EPSS 0.0135
EPSS Percentile 68.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
google/android 10.0
Published Jun 11, 2020
Tracked Since Feb 18, 2026