CVE-2022-20126

HIGH

Android - Missing Authorization in AdapterService Bluetooth Discovery Mode

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-20126. PoCs published by Trinadh465.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20126, a vulnerability in the Android Bluetooth stack. The exploit targets the A2DP (Advanced Audio Distribution Profile) component, leveraging native JNI (Java Native Interface) code to manipulate Bluetooth connections and audio states.

Description

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023

Exploits (1)

nomisec WORKING POC 3 stars
by Trinadh465 · poc
https://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126

This repository contains a proof-of-concept exploit for CVE-2022-20126, a vulnerability in the Android Bluetooth stack. The exploit targets the A2DP (Advanced Audio Distribution Profile) component, leveraging native JNI (Java Native Interface) code to manipulate Bluetooth connections and audio states.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Bluetooth Stack (AOSP 10 r33)
No auth needed
Prerequisites: Physical proximity to the target device · Bluetooth enabled on the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.3
EPSS 0.0024
EPSS Percentile 14.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (4)
google/android 10.0
google/android 11.0
google/android 12.0
google/android 12.1
Published Jun 15, 2022
Tracked Since Feb 18, 2026