ASB-A-172670415

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-172670415.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-172670415
Aliases
Published
2021-02-01T00:00:00Z
Modified
2026-04-17T15:55:28.020024Z
Summary
[none]
Details

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/packages/apps/Bluetooth

Package

Name
platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2021-02-01

Affected versions

8.*
8.0

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62637463839837125086876068015025273969",
                    "38270130599441381463735570736799822404",
                    "195096344871186794395214098527183077533",
                    "85178481723156268957428251907431641949",
                    "193415904547943498162279726599686424159",
                    "88806902401815437722027234400844152704",
                    "21350239549760555821094269345351742450",
                    "337188717553211345690156008185681630492",
                    "101216632476963660759321528229588000937",
                    "46022503581342692754263094024415558664",
                    "313874570163440170746622256905708417180",
                    "57859124448746707765054464906393609726",
                    "283524686749161234451096108757056134326",
                    "249623149264698505304643346478833532494",
                    "229441578597004240020271146844174930709",
                    "257302227022005399365821461138133502102",
                    "237336725475634246690373654317658797276",
                    "251943799740403344409888645521693820664",
                    "77592495947522646339966218863454620141",
                    "297150821219752747575223256882298182202",
                    "132933073459527881868398518962440084842"
                ]
            },
            "id": "ASB-A-172670415-1d273f16",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 866.0,
                "function_hash": "226707436334932483421368165759926246640"
            },
            "id": "ASB-A-172670415-4f65dbf2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "onBatchScanReports",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 453.0,
                "function_hash": "130891963601117552561634610282874083676"
            },
            "id": "ASB-A-172670415-d64850d6",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "deliverBatchScan",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-02-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-172670415.json"
platform/packages/apps/Bluetooth

Package

Name
platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-02-01

Affected versions

8.*
8.1

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 453.0,
                "function_hash": "130891963601117552561634610282874083676"
            },
            "id": "ASB-A-172670415-2cdf817d",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "deliverBatchScan",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 866.0,
                "function_hash": "226707436334932483421368165759926246640"
            },
            "id": "ASB-A-172670415-88048cad",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "onBatchScanReports",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62637463839837125086876068015025273969",
                    "38270130599441381463735570736799822404",
                    "195096344871186794395214098527183077533",
                    "85178481723156268957428251907431641949",
                    "193415904547943498162279726599686424159",
                    "88806902401815437722027234400844152704",
                    "21350239549760555821094269345351742450",
                    "337188717553211345690156008185681630492",
                    "101216632476963660759321528229588000937",
                    "46022503581342692754263094024415558664",
                    "313874570163440170746622256905708417180",
                    "57859124448746707765054464906393609726",
                    "283524686749161234451096108757056134326",
                    "249623149264698505304643346478833532494",
                    "229441578597004240020271146844174930709",
                    "257302227022005399365821461138133502102",
                    "237336725475634246690373654317658797276",
                    "251943799740403344409888645521693820664",
                    "77592495947522646339966218863454620141",
                    "297150821219752747575223256882298182202",
                    "132933073459527881868398518962440084842"
                ]
            },
            "id": "ASB-A-172670415-d1738758",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-02-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-172670415.json"
platform/packages/apps/Bluetooth

Package

Name
platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-02-01

Affected versions

Other
9

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 453.0,
                "function_hash": "130891963601117552561634610282874083676"
            },
            "id": "ASB-A-172670415-1134e146",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "deliverBatchScan",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62637463839837125086876068015025273969",
                    "38270130599441381463735570736799822404",
                    "195096344871186794395214098527183077533",
                    "85178481723156268957428251907431641949",
                    "193415904547943498162279726599686424159",
                    "88806902401815437722027234400844152704",
                    "21350239549760555821094269345351742450",
                    "337188717553211345690156008185681630492",
                    "101216632476963660759321528229588000937",
                    "46022503581342692754263094024415558664",
                    "313874570163440170746622256905708417180",
                    "57859124448746707765054464906393609726",
                    "283524686749161234451096108757056134326",
                    "249623149264698505304643346478833532494",
                    "229441578597004240020271146844174930709",
                    "257302227022005399365821461138133502102",
                    "237336725475634246690373654317658797276",
                    "251943799740403344409888645521693820664",
                    "77592495947522646339966218863454620141",
                    "297150821219752747575223256882298182202",
                    "132933073459527881868398518962440084842"
                ]
            },
            "id": "ASB-A-172670415-bc635f75",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 866.0,
                "function_hash": "226707436334932483421368165759926246640"
            },
            "id": "ASB-A-172670415-d16017d9",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "onBatchScanReports",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-02-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-172670415.json"
platform/packages/apps/Bluetooth

Package

Name
platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-02-01

Affected versions

Other
10

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 866.0,
                "function_hash": "226707436334932483421368165759926246640"
            },
            "id": "ASB-A-172670415-2cd8e591",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "onBatchScanReports",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62637463839837125086876068015025273969",
                    "38270130599441381463735570736799822404",
                    "195096344871186794395214098527183077533",
                    "85178481723156268957428251907431641949",
                    "193415904547943498162279726599686424159",
                    "88806902401815437722027234400844152704",
                    "21350239549760555821094269345351742450",
                    "337188717553211345690156008185681630492",
                    "101216632476963660759321528229588000937",
                    "46022503581342692754263094024415558664",
                    "313874570163440170746622256905708417180",
                    "57859124448746707765054464906393609726",
                    "283524686749161234451096108757056134326",
                    "249623149264698505304643346478833532494",
                    "229441578597004240020271146844174930709",
                    "257302227022005399365821461138133502102",
                    "237336725475634246690373654317658797276",
                    "251943799740403344409888645521693820664",
                    "77592495947522646339966218863454620141",
                    "297150821219752747575223256882298182202",
                    "132933073459527881868398518962440084842"
                ]
            },
            "id": "ASB-A-172670415-8b3030b3",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 453.0,
                "function_hash": "130891963601117552561634610282874083676"
            },
            "id": "ASB-A-172670415-9009c94e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "deliverBatchScan",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-02-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-172670415.json"
platform/packages/apps/Bluetooth

Package

Name
platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-02-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 453.0,
                "function_hash": "130891963601117552561634610282874083676"
            },
            "id": "ASB-A-172670415-04442104",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "deliverBatchScan",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62637463839837125086876068015025273969",
                    "38270130599441381463735570736799822404",
                    "195096344871186794395214098527183077533",
                    "85178481723156268957428251907431641949",
                    "193415904547943498162279726599686424159",
                    "88806902401815437722027234400844152704",
                    "21350239549760555821094269345351742450",
                    "337188717553211345690156008185681630492",
                    "101216632476963660759321528229588000937",
                    "46022503581342692754263094024415558664",
                    "313874570163440170746622256905708417180",
                    "57859124448746707765054464906393609726",
                    "283524686749161234451096108757056134326",
                    "249623149264698505304643346478833532494",
                    "229441578597004240020271146844174930709",
                    "257302227022005399365821461138133502102",
                    "237336725475634246690373654317658797276",
                    "251943799740403344409888645521693820664",
                    "77592495947522646339966218863454620141",
                    "297150821219752747575223256882298182202",
                    "132933073459527881868398518962440084842"
                ]
            },
            "id": "ASB-A-172670415-7b5d30e2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        },
        {
            "digest": {
                "length": 866.0,
                "function_hash": "226707436334932483421368165759926246640"
            },
            "id": "ASB-A-172670415-9059506a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4",
            "target": {
                "function": "onBatchScanReports",
                "file": "src/com/android/bluetooth/gatt/GattService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/6f7f9bbf46acaaf266537256da4d0345909ea1c4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-02-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-172670415.json"