Impact
The vulnerability is an integer overflow in the l2c_fcr_clone_buf function of Android's Bluetooth subsystem. When the function is invoked, the overflow can corrupt heap memory, potentially allowing a local attacker on the device to elevate privileges within the privileged Bluetooth daemon. The flaw requires no user interaction and does not grant additional execution privileges beyond what the attacker already possesses. The primary impact is therefore local privilege escalation rather than remote code execution or denial of service.
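The pattern behind a bug of this class is a size computation on a narrow integer type that wraps before it is used to allocate and copy a buffer, so a small allocation is followed by a large copy. The following is an added illustration, not Android's l2c_fcr_clone_buf and not derived from it: the function and parameter names are hypothetical, and it shows a wrapping 16-bit size calculation beside an overflow-checked version that refuses to clone when the total does not fit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer header (constructed for this example, not Android's BT_HDR). */
struct hdr {
    uint16_t offset; /* bytes of header space before the payload */
    uint16_t len;    /* payload length */
    uint8_t  data[]; /* offset + len bytes follow */
};

/* Wrapping computation: the sum is truncated to 16 bits, so
 * 0xFFF0 + 0x20 yields 0x10 and an allocation far too small for the copy. */
uint16_t total_size_unchecked(uint16_t offset, uint16_t len)
{
    uint16_t total = (uint16_t)(offset + len);
    return total;
}

/* Checked computation: reports overflow instead of silently wrapping.
 * __builtin_add_overflow is a GCC/Clang builtin that returns true on overflow. */
bool total_size_checked(uint16_t offset, uint16_t len, uint16_t *out)
{
    uint16_t total;
    if (__builtin_add_overflow(offset, len, &total))
        return false;
    *out = total;
    return true;
}

/* Hardened clone: allocate exactly header + checked payload size, then copy.
 * Returns NULL when the size computation would overflow. */
struct hdr *clone_buf_checked(const struct hdr *src)
{
    uint16_t total;
    if (!total_size_checked(src->offset, src->len, &total))
        return NULL;

    /* sizeof(struct hdr) + total cannot overflow size_t here: total <= 0xFFFF. */
    struct hdr *dst = malloc(sizeof(struct hdr) + total);
    if (dst == NULL)
        return NULL;
    dst->offset = src->offset;
    dst->len = src->len;
    memcpy(dst->data, src->data, total);
    return dst;
}

/* Helper for tests: build a small buffer with constructed payload bytes. */
struct hdr *make_buf(uint16_t offset, uint16_t len)
{
    uint16_t total;
    if (!total_size_checked(offset, len, &total))
        return NULL;
    struct hdr *b = malloc(sizeof(struct hdr) + total);
    if (b == NULL)
        return NULL;
    b->offset = offset;
    b->len = len;
    memset(b->data, 0xAB, total);
    return b;
}
```

The defensive rule is to perform the size arithmetic in a checked form (or in a wider type with an explicit bound check) before any allocation, and to fail closed when the sum does not fit the type the allocator and copy will actually use.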
Affected Systems
Google Android devices running the affected Bluetooth stack are impacted. No specific Android version or build was enumerated in the provided data, so any device that incorporates the affected Bluetooth implementation may be at risk.
Risk and Exploitability
The absence of an EPSS score and the lack of a listing in the CISA KEV catalog indicate that the flaw is not currently known to be exploited in the wild, but it can be triggered locally by any process able to influence the Bluetooth daemon. The attack vector is inferred to be local, relying on the privileged nature of the Bluetooth process, and would likely require the attacker to already have some level of local access to the system. In theory, control of the Bluetooth service could lead to a complete compromise of the device, since that service has broad access to other privileged components. The CVSS score of 8 reflects a high risk because of this privilege escalation potential, even though there is no public evidence of exploitation.
OpenCVE Enrichment