CVE-2020-0183

HIGH

Android 10 - Local Privilege Escalation via BluetoothManagerService Incomplete Reset

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0183. PoCs published by nanopathi.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0183, a vulnerability in the Android Bluetooth stack. The exploit targets the A2DP (Advanced Audio Distribution Profile) component, leveraging native code to manipulate Bluetooth connections and audio states.

Description

In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479

Exploits (1)

nomisec WORKING POC

by nanopathi · poc

https://github.com/nanopathi/packages_apps_Bluetooth_AOSP10_r33_CVE-2020-0183

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-0183, a vulnerability in the Android Bluetooth stack. The exploit targets the A2DP (Advanced Audio Distribution Profile) component, leveraging native code to manipulate Bluetooth connections and audio states.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Android Bluetooth Stack (AOSP 10 r33)

No auth needed

Prerequisites: Physical proximity to the target device · Bluetooth enabled on the target device

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/pixel/2020-06-01

Scores

CVSS v3 7.8

EPSS 0.0030

EPSS Percentile 21.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-459

Status published

Products (1)

google/android 10.0

Published Jun 11, 2020

Tracked Since Feb 18, 2026