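In FindOrCreatePeer of btif_av.cc, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The three records below, one per fix commit in platform/system/bt, hold the signatures for this issue; they target FindOrCreatePeer, BtaHandleRegistered and DeregisterAllBtaHandles in both BtifAvSource and BtifAvSink, and every signature in them is marked deprecated.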
{
"vanir_signatures": [
{
"digest": {
"length": 238.0,
"function_hash": "149876918045358504370956173241248993079"
},
"id": "ASB-A-169252501-15d8ddc1",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"target": {
"function": "BtifAvSource::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 236.0,
"function_hash": "127846889590340415951834049465418819456"
},
"id": "ASB-A-169252501-285769eb",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"target": {
"function": "BtifAvSink::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 174.0,
"function_hash": "65528912344716834826589416087978685088"
},
"id": "ASB-A-169252501-374d3e5a",
"deprecated": true,
"target": {
"function": "BtifAvSource::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"9"
],
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"331293078526016562404328689888141899854",
"2322497238627235144961727125087970630",
"203648937355433518573128439932761124777",
"25212691223185803066718930812061936369",
"66936168821043562254163845472727638335",
"235104917484205533977032500277690320780",
"267201269717841092028825668417157367496",
"75978771785860844122118265499495747857",
"66936168821043562254163845472727638335",
"235104917484205533977032500277690320780",
"173569485101204284895449963033278039481",
"21721513700559348382673603846927763618",
"105693334848323409289971173846162312904",
"255217769913288710609696394077196581389",
"4384637297730988857126802801291282735",
"26672876250087487240984185801548000381",
"48727072518112051530940429775497435846",
"304546366998825079381700039783930145396",
"81964408864056496411746589272296610514",
"211776590200393861532864587028871615658",
"126867683735155193271630160450672618658",
"326101455198965394955974023546275441965",
"9071875010004526267855058804911097608",
"112322295493807377885673840050434155023",
"89920879861773771452513663279140829048",
"227538133683789425713924827535890684293",
"149233445817964970468812921719314436276",
"26672876250087487240984185801548000381",
"234659527700712118863467554668560540893",
"287965408633361319571044857821250093537",
"279590714065217830466403121878877668117",
"335935096673570273337876886832130065823",
"244958522067952797573893982748380823527",
"334988230763470955820707789938215014877",
"232033678032022769000728351318862788994",
"191895866305495185361903928815781935142"
]
},
"id": "ASB-A-169252501-a758358b",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"target": {
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 1048.0,
"function_hash": "329174392347763179983427046306926867425"
},
"id": "ASB-A-169252501-ab29ddde",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"target": {
"function": "BtifAvSink::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 172.0,
"function_hash": "43140690224603685116810835061539601341"
},
"id": "ASB-A-169252501-e9eb27b3",
"deprecated": true,
"target": {
"function": "BtifAvSink::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"9"
],
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"signature_version": "v1"
},
{
"digest": {
"length": 1050.0,
"function_hash": "218766263198388952194430734699468708722"
},
"id": "ASB-A-169252501-f9a695a4",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4",
"target": {
"function": "BtifAvSource::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/9ca4c62ce5aaff3b6ebf564d796913b230370fb4"
],
"types": [
"EoP"
],
"spl": "2021-05-01",
"severity": "High"
}
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"331293078526016562404328689888141899854",
"2322497238627235144961727125087970630",
"203648937355433518573128439932761124777",
"25212691223185803066718930812061936369",
"242867435571651341606309218580176787629",
"315116305912593237881129245693820990073",
"267201269717841092028825668417157367496",
"75978771785860844122118265499495747857",
"66936168821043562254163845472727638335",
"235104917484205533977032500277690320780",
"173569485101204284895449963033278039481",
"21721513700559348382673603846927763618",
"105693334848323409289971173846162312904",
"255217769913288710609696394077196581389",
"4384637297730988857126802801291282735",
"26672876250087487240984185801548000381",
"48727072518112051530940429775497435846",
"304546366998825079381700039783930145396",
"81964408864056496411746589272296610514",
"211776590200393861532864587028871615658",
"126867683735155193271630160450672618658",
"326101455198965394955974023546275441965",
"9071875010004526267855058804911097608",
"112322295493807377885673840050434155023",
"89920879861773771452513663279140829048",
"227538133683789425713924827535890684293",
"149233445817964970468812921719314436276",
"26672876250087487240984185801548000381",
"234659527700712118863467554668560540893",
"287965408633361319571044857821250093537",
"279590714065217830466403121878877668117",
"335935096673570273337876886832130065823",
"244958522067952797573893982748380823527",
"334988230763470955820707789938215014877",
"232033678032022769000728351318862788994",
"191895866305495185361903928815781935142"
]
},
"id": "ASB-A-169252501-1f13d38a",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"target": {
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 174.0,
"function_hash": "65528912344716834826589416087978685088"
},
"id": "ASB-A-169252501-202caa8b",
"deprecated": true,
"target": {
"function": "BtifAvSource::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"10"
],
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"signature_version": "v1"
},
{
"digest": {
"length": 238.0,
"function_hash": "149876918045358504370956173241248993079"
},
"id": "ASB-A-169252501-2dd436a9",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"target": {
"function": "BtifAvSource::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 1109.0,
"function_hash": "46617459757280629262567702798985189903"
},
"id": "ASB-A-169252501-96f5657e",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"target": {
"function": "BtifAvSink::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 1050.0,
"function_hash": "218766263198388952194430734699468708722"
},
"id": "ASB-A-169252501-973dda73",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"target": {
"function": "BtifAvSource::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 172.0,
"function_hash": "43140690224603685116810835061539601341"
},
"id": "ASB-A-169252501-b9ca15d3",
"deprecated": true,
"target": {
"function": "BtifAvSink::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"10"
],
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"signature_version": "v1"
},
{
"digest": {
"length": 236.0,
"function_hash": "127846889590340415951834049465418819456"
},
"id": "ASB-A-169252501-bf738abc",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e",
"target": {
"function": "BtifAvSink::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/f230ef243e3b9abad4608cf5be1b5eab26193a3e"
],
"types": [
"EoP"
],
"spl": "2021-05-01",
"severity": "High"
}
{
"vanir_signatures": [
{
"digest": {
"length": 172.0,
"function_hash": "43140690224603685116810835061539601341"
},
"id": "ASB-A-169252501-1960f265",
"deprecated": true,
"target": {
"function": "BtifAvSink::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"11"
],
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"signature_version": "v1"
},
{
"digest": {
"length": 695.0,
"function_hash": "230495465556589350163812101599905675235"
},
"id": "ASB-A-169252501-3d92bb4a",
"deprecated": true,
"target": {
"function": "BtifAvSink::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"11"
],
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"signature_version": "v1"
},
{
"digest": {
"length": 697.0,
"function_hash": "139062621193383159984482973910761356616"
},
"id": "ASB-A-169252501-6aaafe93",
"deprecated": true,
"target": {
"function": "BtifAvSource::BtaHandleRegistered",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"11"
],
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"signature_version": "v1"
},
{
"digest": {
"length": 1290.0,
"function_hash": "142231195491519073520493206282996531695"
},
"id": "ASB-A-169252501-6c68d8a0",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"target": {
"function": "BtifAvSource::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 174.0,
"function_hash": "65528912344716834826589416087978685088"
},
"id": "ASB-A-169252501-91afdc6f",
"deprecated": true,
"target": {
"function": "BtifAvSource::DeregisterAllBtaHandles",
"file": "btif/src/btif_av.cc"
},
"signature_type": "Function",
"match_only_versions": [
"11"
],
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"331293078526016562404328689888141899854",
"2322497238627235144961727125087970630",
"203648937355433518573128439932761124777",
"25212691223185803066718930812061936369",
"242867435571651341606309218580176787629",
"315116305912593237881129245693820990073",
"267201269717841092028825668417157367496",
"75978771785860844122118265499495747857",
"66936168821043562254163845472727638335",
"235104917484205533977032500277690320780",
"173569485101204284895449963033278039481",
"21721513700559348382673603846927763618",
"105693334848323409289971173846162312904",
"255217769913288710609696394077196581389",
"4384637297730988857126802801291282735",
"26672876250087487240984185801548000381",
"48727072518112051530940429775497435846",
"304546366998825079381700039783930145396",
"81964408864056496411746589272296610514",
"211776590200393861532864587028871615658",
"126867683735155193271630160450672618658",
"326101455198965394955974023546275441965",
"9071875010004526267855058804911097608",
"102271672906487167265963398051837337197",
"89920879861773771452513663279140829048",
"227538133683789425713924827535890684293",
"149233445817964970468812921719314436276",
"26672876250087487240984185801548000381",
"234659527700712118863467554668560540893",
"287965408633361319571044857821250093537",
"279590714065217830466403121878877668117",
"335935096673570273337876886832130065823",
"244958522067952797573893982748380823527",
"334988230763470955820707789938215014877",
"232033678032022769000728351318862788994",
"323272362925700860830954035651760506206"
]
},
"id": "ASB-A-169252501-a9f129e9",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"target": {
"file": "btif/src/btif_av.cc"
}
},
{
"digest": {
"length": 1349.0,
"function_hash": "229860356068028072949086883197902121591"
},
"id": "ASB-A-169252501-f48b765e",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff",
"target": {
"function": "BtifAvSink::FindOrCreatePeer",
"file": "btif/src/btif_av.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/1be5b0d94068e47ecaa0a00b2f40ef520850f6ff"
],
"types": [
"EoP"
],
"spl": "2021-05-01",
"severity": "High"
}