Cyber Resilience

CVE-2024-43770

High

Published: 21 January 2025

Published
21 January 2025
Modified
22 April 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 13.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43770 is a high-severity Code Injection (CWE-94) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-43770 is a vulnerability involving an out-of-bounds write due to a missing bounds check in the gatts_process_find_info function of gatt_sr.cc. This issue affects the Android Bluetooth GATT server component.

The vulnerability enables remote proximal or adjacent code execution with no additional execution privileges required and no user interaction needed. Per the CVSS v3.1 score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), an unauthenticated attacker within Bluetooth range can exploit it with low complexity to gain high-impact control over confidentiality, integrity, and availability.

The Android Security Bulletin for January 2025 at https://source.android.com/security/bulletin/2025-01-01 details patches addressing this CVE in supported Android versions.

EU & UK References

Vulnerability details

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

OOB write in Android Bluetooth GATT server enables unauthenticated adjacent RCE, directly mapping to exploitation of an exposed remote service over Bluetooth.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-43771Same product: Google Android
CVE-2024-49747Same product: Google Android
CVE-2025-22411Same product: Google Android
CVE-2024-43767Same product: Google Android
CVE-2025-0075Same product: Google Android
CVE-2024-43096Same product: Google Android
CVE-2024-49748Same product: Google Android
CVE-2025-22412Same product: Google Android
CVE-2025-26438Same product: Google Android
CVE-2026-0073Same product: Google Android

Affected Assets

google
android
12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces bounds checking and validation on information inputs to the gatts_process_find_info function, directly preventing the out-of-bounds write in Bluetooth GATT server processing.

prevent

Provides memory protection mechanisms such as bounds checking and stack guards that mitigate out-of-bounds writes even if input validation fails in the GATT server.

prevent

Requires timely remediation of identified flaws like the missing bounds check in gatt_sr.cc, as addressed by the Android Security Bulletin patches.

References