Description
In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is located in the bta_jv_rfcomm_connect function of bta_jv_act.cc, where a logic error allows an application to establish a secure Bluetooth connection without completing the required bonding process. The result is a local escalation of privilege; an attacker who has local access to the device’s Bluetooth stack can gain higher privileges on the device without acquiring additional execution rights. No user interaction is necessary, and the flaw does not provide remote code execution or remote access.

Affected Systems

Google Android devices that contain the affected Bluetooth stack implementation are susceptible. No specific build or version number is cited in the advisory, so all current Android releases that include the affected code may be vulnerable until a vendor update is applied.

Risk and Exploitability

Because the flaw directly enables local privilege escalation, the potential impact is high. The CVSS score is not disclosed, but the logical bypass is severe. The EPSS score is not available and this vulnerability is not listed in the CISA KEV catalog, indicating no known public exploits at this time. Attackers with local access to the Bluetooth interface can exploit the defect automatically, with no user interaction required.

Generated by OpenCVE AI on June 1, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the 2026‑06‑01 Android security patch, which corrects the bonding logic error in bta_jv_rfcomm_connect.
  • If no patch is yet available or if a temporary measure is needed, disable Bluetooth or lock the device to prevent unauthorized connections.
  • Configure the device to enforce strict bonding policies, rejecting any unbonded connections, and monitor system logs for unexpected Bluetooth activity.

Generated by OpenCVE AI on June 1, 2026 at 23:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Bluetooth Bonding Bypass Enables Local Privilege Escalation on Android
Weaknesses CWE-264
CWE-284

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T13:17:40.199Z

Reserved: 2025-10-15T15:39:36.338Z

Link: CVE-2026-0045

cve-icon Vulnrichment

Updated: 2026-06-02T13:17:33.416Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-01T22:16:20.197

Modified: 2026-06-02T14:16:41.687

Link: CVE-2026-0045

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T23:45:40Z

Weaknesses