Cyber Resilience

CVE-2024-43096

High

Published: 21 January 2025

Published
21 January 2025
Modified
22 April 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0025 48.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43096 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 48.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-43096 is a vulnerability in the build_read_multi_rsp function of gatt_sr.cc, which is part of the Android Bluetooth GATT server implementation. The issue arises from a missing bounds check, enabling an out-of-bounds write (CWE-787). It was published on January 21, 2025, with a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker within adjacent physical proximity can exploit this vulnerability remotely over Bluetooth to achieve code execution. No additional execution privileges, user interaction, or authentication are required, making it accessible to unauthenticated adversaries with low-complexity attacks.

The Android Security Bulletin dated January 1, 2025, addresses this vulnerability with patches for affected Android versions, recommending that users and administrators apply the latest security updates to mitigate the risk.

EU & UK References

Vulnerability details

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Direct RCE via missing bounds check in Bluetooth GATT server enables exploitation of the remote Bluetooth service without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49748Same product: Google Android
CVE-2026-0111Same product: Google Android
CVE-2024-53842Same product: Google Android
CVE-2026-0122Same product: Google Android
CVE-2026-0120Same product: Google Android
CVE-2024-49745Same product: Google Android
CVE-2025-22411Same product: Google Android
CVE-2024-49749Same product: Google Android
CVE-2024-53837Same product: Google Android
CVE-2024-53838Same product: Google Android

Affected Assets

google
android
12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely identification, reporting, and patching of software flaws like the missing bounds check in Android's Bluetooth GATT server build_read_multi_rsp function.

prevent

Requires validation of incoming Bluetooth GATT read multi response data to enforce bounds checks and prevent out-of-bounds writes.

prevent

Implements memory protection mechanisms such as non-executable stacks and ASLR to block code execution from out-of-bounds writes in the GATT server.

References