CVE-2024-34727: Google Android Buffer Overflow Flaw

CVE-2024-34727 is a heap buffer overflow in Google Android's sdpu_compare_uuid_with_attr function that enables remote information disclosure without user interaction. This article covers technical details, affected versions, impact assessment, and mitigation strategies.

CVE-2024-34727 Overview

CVE-2024-34727 is an out-of-bounds read vulnerability in the Android Bluetooth stack. The flaw resides in the sdpu_compare_uuid_with_attr function of sdp_utils.cc, where a heap buffer overflow enables a remote attacker to read adjacent memory. Exploitation requires no user interaction and no additional execution privileges. The vulnerability affects Android versions 12.0, 12.1, 13.0, and 14.0. Google addressed the issue in the August 2024 Android Security Bulletin. The defect is classified under [CWE-120] (Buffer Copy without Checking Size of Input).

Critical Impact

Remote attackers within Bluetooth range can extract sensitive heap memory contents from affected Android devices without user interaction.

Affected Products

  • Google Android 12.0
  • Google Android 12.1
  • Google Android 13.0
  • Google Android 14.0

Discovery Timeline

  • 2024-08-15 - CVE-2024-34727 published to NVD
  • 2024-08-01 - Google releases security patch in the Android Security Bulletin
  • 2025-03-19 - Last updated in NVD database

Technical Details for CVE-2024-34727

Vulnerability Analysis

The vulnerability resides in the Service Discovery Protocol (SDP) component of the Android Bluetooth stack. The sdpu_compare_uuid_with_attr function in sdp_utils.cc compares a Universally Unique Identifier (UUID) against an SDP attribute. The function fails to properly validate the length of the attribute buffer before performing the comparison. This produces a heap buffer overflow that reads past the allocated buffer boundary. An attacker can craft malicious SDP records to trigger the read and recover bytes of adjacent heap memory. The disclosed memory may contain Bluetooth state, pointers, or other process data that aids further attacks.

Root Cause

The root cause is missing bounds validation on the attribute length passed to the UUID comparison routine. The function trusts the length field from the parsed SDP record and reads the corresponding number of bytes from the heap-allocated attribute. When the declared length exceeds the actual allocation, the read crosses the buffer boundary. This pattern aligns with [CWE-120], where input length is used directly in a memory operation without sanity checks.

Attack Vector

The attack proceeds over Bluetooth without requiring authentication or user action. An attacker within radio range initiates an SDP transaction containing malformed UUID or attribute fields. The Android Bluetooth process parses the request and executes the vulnerable comparison, returning heap data to the attacker through the SDP response or side effects. Because the exploit needs no user prompt, it can run silently against any device with Bluetooth enabled.

No public proof-of-concept code or verified exploit examples are available for this issue. Refer to the Android Bluetooth Code Update for the corrective patch and technical details.

Detection Methods for CVE-2024-34727

Indicators of Compromise

  • Unexpected SDP queries from unknown Bluetooth peers, especially those issuing malformed UUID attribute requests
  • Repeated Bluetooth pairing or service discovery attempts from the same MAC address over short intervals
  • Crashes or abnormal restarts of the com.android.bluetooth process correlated with inbound Bluetooth traffic

Detection Strategies

  • Monitor Android device logs for bluetooth service faults and SDP parsing errors around the sdpu_compare_uuid_with_attr code path
  • Audit Mobile Device Management (MDM) inventory to identify devices running Android 12.0 through 14.0 that have not received the August 2024 security patch level
  • Inspect Bluetooth HCI snoop logs for SDP responses containing UUID attributes with mismatched length fields
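
The bounds validation described under Root Cause is also the length test to apply to UUID elements taken from an HCI snoop log. The block below is an added example, not AOSP code and not the patch: it works on the raw SDP data-element encoding (one header byte holding a 5-bit type and a 3-bit size index), and the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes and function name; not AOSP code. */
enum uuid_cmp { UUID_MATCH, UUID_NO_MATCH, UUID_MALFORMED };

#define SDP_TYPE_UUID 3u /* SDP data element type descriptor for UUID */

/* Compare a big-endian UUID (2, 4 or 16 bytes) with a raw SDP data element.
 * `avail` is how many bytes `elem` really holds; the size declared in the
 * header byte is untrusted until it has been checked against `avail`. */
enum uuid_cmp compare_uuid_checked(const uint8_t *uuid, size_t uuid_len,
                                   const uint8_t *elem, size_t avail)
{
    /* Size index -> payload bytes; 0 marks a size a UUID may not use. */
    static const size_t uuid_size[8] = { 0, 2, 4, 0, 16, 0, 0, 0 };

    if (uuid == NULL || elem == NULL || avail < 1)
        return UUID_MALFORMED;
    if ((elem[0] >> 3) != SDP_TYPE_UUID)
        return UUID_NO_MATCH;              /* some other element type */

    size_t declared = uuid_size[elem[0] & 0x07];
    if (declared == 0)
        return UUID_MALFORMED;             /* illegal size index for a UUID */
    if (declared > avail - 1)
        return UUID_MALFORMED;             /* header claims more than is there */
    if (declared != uuid_len)
        return UUID_NO_MATCH;
    return memcmp(uuid, elem + 1, declared) == 0 ? UUID_MATCH : UUID_NO_MATCH;
}

/* Constructed sample elements (not taken from a real capture). */
static const uint8_t want16[2]    = { 0x11, 0x0B };
static const uint8_t want128[16]  = { 0x00, 0x00, 0x11, 0x0B };
static const uint8_t elem_ok[]    = { 0x19, 0x11, 0x0B };             /* UUID16 */
static const uint8_t elem_short[] = { 0x1C, 0x00, 0x00, 0x11, 0x0B }; /* says 16, holds 4 */
static const uint8_t elem_size8[] = { 0x1B, 0, 0, 0, 0, 0, 0, 0, 0 }; /* 8-byte UUID */

int main(void)
{
    printf("ok=%d short=%d size8=%d\n",
           compare_uuid_checked(want16, 2, elem_ok, sizeof elem_ok),
           compare_uuid_checked(want128, 16, elem_short, sizeof elem_short),
           compare_uuid_checked(want16, 2, elem_size8, sizeof elem_size8));
    return 0;
}
```

A UUID_MALFORMED result separates a length mismatch worth logging from an ordinary non-match, which is the distinction the snoop-log review needs.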

Monitoring Recommendations

  • Enforce patch-level reporting through MDM and flag devices below the 2024-08-01 security patch level
  • Track Bluetooth connection telemetry in environments where managed Android devices handle sensitive data
  • Alert on repeated Bluetooth service crashes that may indicate exploitation attempts against the SDP stack

How to Mitigate CVE-2024-34727

Immediate Actions Required

  • Apply the August 2024 Android security patch (security patch level 2024-08-01 or later) to all affected devices
  • Disable Bluetooth on devices that cannot be updated, particularly in high-risk locations
  • Restrict device discoverability and avoid pairing with untrusted peers until patches are deployed

Patch Information

Google published the fix in the Android Security Bulletin August 2024. The corresponding source change is available in the Android Bluetooth Code Update, which adds bounds checks around the UUID-attribute comparison. Device vendors integrate the patch into their own monthly releases, so users should verify availability with their carrier or original equipment manufacturer (OEM).

Workarounds

  • Turn Bluetooth off when not in use, especially in public spaces and crowded environments
  • Set Bluetooth visibility to non-discoverable to limit unsolicited SDP queries
  • Avoid accepting connections from unknown devices and remove stale paired entries

```bash
# Verify Android security patch level via adb
adb shell getprop ro.build.version.security_patch
# Expected output: 2024-08-01 or later

# Disable Bluetooth from the command line
adb shell svc bluetooth disable
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
