8.8

CVE-2024-34722: BLE Pairing on Bluetooth Devices Allows Remote Access

CVE-2024-34722 ASB-A-251514170
Summary

A flaw in the legacy Bluetooth Low Energy (BLE) pairing process on affected Android devices can allow an attacker to bypass authentication and gain unauthorized access. It can be exploited remotely, with no action required by the user. Update the affected device's software to fix the issue and protect against unauthorized access.

What to do
  • Update google platform/packages/modules/bluetooth to version 15-next:2025-01-01.
  • Update google platform/system/bt to version 12:2025-01-01.
  • Update google platform/system/bt to version 12L:2025-01-01.
  • Update google platform/packages/modules/bluetooth to version 13:2025-01-01.
  • Update google platform/packages/modules/bluetooth to version 14:2025-01-01.
Affected software
  • Ecosystem: –
    Vendor: google
    Product: android
    Affected versions: 12.0, 12.1, 13.0, 14.0
    CPE: cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
  • Ecosystem: Android
    Vendor: google
    Product: platform/packages/modules/bluetooth
    Affected versions:
      >= 15-next:0, < 15-next:2025-01-01
      >= 13:0, < 13:2025-01-01
      >= 14:0, < 14:2025-01-01
    Fix: upgrade to 15-next:2025-01-01
  • Ecosystem: Android
    Vendor: google
    Product: platform/system/bt
    Affected versions:
      >= 12:0, < 12:2025-01-01
      >= 12L:0, < 12L:2025-01-01
    Fix: upgrade to 12:2025-01-01
Original title
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege ...
Original description
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
NVD CVSS 3.1: 8.8
Vulnerability type
CWE-303
Published: 1 Jan 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026