{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T07:19:04.202","vulnerabilities":[{"cve":{"id":"CVE-2023-40090","sourceIdentifier":"security@android.com","published":"2023-12-04T23:15:24.337","lastModified":"2024-11-21T08:18:45.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."},{"lang":"es","value":"En BTM_BleVerifySignature de btm_ble.cc, existe una forma posible de omitir la validación de firma debido a la divulgación de información del canal lateral. Esto podría conducir a una escalada remota de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","matchCriteriaId":"109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*","matchCriteriaId":"F8FB8EE9-FC56-4D5E-AE55-A5967634740C"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*","matchCriteriaId":"C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"}]}]}],"references":[{"url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495417bd068c35de0729d9a332639bd0699153ff","source":"security@android.com","tags":["Mailing List","Patch"]},{"url":"https://source.android.com/security/bulletin/2023-12-01","source":"security@android.com","tags":["Patch","Third Party Advisory"]},{"url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495417bd068c35de0729d9a332639bd0699153ff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://source.android.com/security/bulletin/2023-12-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}