In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 2039.0,
"function_hash": "26913781226188133321996820393535727853"
},
"id": "ASB-A-197536150-5728f832",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924",
"target": {
"function": "gatt_process_notification",
"file": "stack/gatt/gatt_cl.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"263351727945242443198419910108234088999",
"215959328734252488538789857605089722536",
"177314257739948461637375820928899862427",
"273244160455707977690419984474562053006",
"3688939122602890828211417145946539869",
"218562852323977496439307155907225093812",
"28744823201951060900847204068989041602",
"184886637897940690416800921108138984227",
"322897270372358409931080979741386700900",
"324969063048824274580802445987268853467",
"99905546778425004443358206112072887364",
"236008135547716817083878114252528268941",
"77807959498558541398806755521998180505",
"49216615266353466593051667309184881851",
"25946422154328594939622823235039427611",
"223214443494564033154917232870920751302",
"273527287006623407176190625645015716315",
"210535520868327139722747463639456754173",
"92678986055385520389022625704369976577",
"256362888509717411703778781977620156684",
"203108565820699953555115457339783957893",
"11454444934347358698576907855221095319",
"224515817879569649994822331150918785956",
"297585793797960739489230950370041601223",
"144669473508439479125596821811087021230",
"143859943361670814156163004842080285498",
"266628536319323679248287883643312044170",
"95405965563415794794552108999295640797",
"64146400298051000994291194842497737603",
"331105659975516969580227097925127286666",
"79040732532480894151709892515207405695",
"182551763619509261787593915462329231863",
"323954921331896375207921569188563678189",
"176198377648225326757818059542210719735",
"117123222244070121711912654173552593600",
"176823608437112851686876880658303180255",
"304545390980502696862813090489965282640",
"164855914625600405914929802739953942173",
"126789249950179412328225551617687008167",
"208949767694485105233882983531723465386",
"182737131842596855602572893298260674736",
"289362625694009238854380438121294881527",
"62490829965097358699357724906255895044",
"231464616497715019551895957321515780992",
"335440247059468334519619408881895798573",
"200753983935550736897393171627738280737",
"62194403501086723688442196410380487797",
"38259162172126893982782955877788195791",
"321452225317843180656170827151548267473",
"64029243776140529983528886840061075494",
"182216370432332151597401037967625495238",
"329316262691762984547212998603801297837",
"116616660018330675260120505943300106776",
"47871420253682481700673608684239343180",
"151348780378964413055757106119577724734",
"14197393302229346368403931393585807209",
"86263837772706382545263120685471036296",
"123055670064034706501670025806893759867",
"339249938651539565175509894371977000731",
"295884884291823743481271285296777727842",
"7631527641254190347466381652986983346",
"303161913086644891347924988498399412021",
"330689368519576095193604308252422305868"
]
},
"id": "ASB-A-197536150-cac340bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924",
"target": {
"file": "stack/gatt/gatt_cl.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924"
],
"types": [
"RCE"
],
"spl": "2021-11-01",
"severity": "Critical"
}