CVE-2024-0030

MEDIUM

Android - Out-of-Bounds Read in btif_to_bta_response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0030. PoCs published by uthrasri.

AI-analyzed exploit summary: The repository contains a partial code snippet from `btif_gatt_util.c`, which is part of the Bluetooth stack. It includes utility functions for UUID handling and GATT operations but lacks exploit-specific code or a clear demonstration of CVE-2024-0030. The file appears to be a legitimate component of the Bluetooth system, possibly used for reference or analysis.

Description

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WRITEUP
by uthrasri · poc
https://github.com/uthrasri/system_bt_CVE-2024-0030

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Broadcom Bluetooth stack (system_bt)
No auth needed
Prerequisites: Access to Bluetooth stack internals · Knowledge of GATT operations
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.5
EPSS 0.0039
EPSS Percentile 30.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-125
Status published
Products (5)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
google/android 14.0
Published Feb 16, 2024
Tracked Since Feb 18, 2026