ASB-A-201083442

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-201083442.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-201083442
Aliases
  • A-201083442
  • CVE-2021-39674
Published
2022-02-01T00:00:00Z
Modified
2025-11-25T16:14:47.974140Z
Summary
[none]
Details

In btmsecconnected and btmsecdisconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/bt

Package

Name
platform/system/bt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-02-01

Affected versions

Other

10

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98"
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2022-02-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "id": "ASB-A-201083442-1b29831b",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98",
            "digest": {
                "length": 2932.0,
                "function_hash": "122004041837697648258448318484223466279"
            },
            "target": {
                "file": "stack/btm/btm_sec.cc",
                "function": "btm_sec_disconnected"
            }
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "id": "ASB-A-201083442-49f83b77",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98",
            "digest": {
                "length": 6878.0,
                "function_hash": "48152161687422866557800725042663174574"
            },
            "target": {
                "file": "stack/btm/btm_sec.cc",
                "function": "btm_sec_connected"
            }
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "id": "ASB-A-201083442-5d9eae03",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98",
            "digest": {
                "line_hashes": [
                    "297368654972908621836918557900222963549",
                    "332322776207264410706621514063170894526",
                    "338335156206453636038296674831092072979",
                    "304783868903325475174910602552010287361",
                    "237584898535526165343205144234369001840",
                    "182461076222023272195598206281586249700",
                    "225770881008579576306811599978284230743",
                    "157159581754704635677698335972200630708",
                    "261046882585634627809982276669943056732",
                    "170262317928811187330531501478672008062",
                    "90216770933488751888883760906353042346",
                    "293663843391815631228309343007137271692",
                    "79779840663977586246070583226410737972",
                    "98096397884023612276246776154760033515"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "stack/btm/btm_sec.cc"
            }
        }
    ]
}

Android / platform/system/bt

Package

Name
platform/system/bt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-02-01

Affected versions

Other

11

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915"
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2022-02-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "id": "ASB-A-201083442-08db4922",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915",
            "digest": {
                "length": 6923.0,
                "function_hash": "76536728077887636859201998616180283151"
            },
            "target": {
                "file": "stack/btm/btm_sec.cc",
                "function": "btm_sec_connected"
            }
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "id": "ASB-A-201083442-b8128c5a",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915",
            "digest": {
                "line_hashes": [
                    "297368654972908621836918557900222963549",
                    "332322776207264410706621514063170894526",
                    "338335156206453636038296674831092072979",
                    "304783868903325475174910602552010287361",
                    "237584898535526165343205144234369001840",
                    "182461076222023272195598206281586249700",
                    "225770881008579576306811599978284230743",
                    "157159581754704635677698335972200630708",
                    "261046882585634627809982276669943056732",
                    "170262317928811187330531501478672008062",
                    "90216770933488751888883760906353042346",
                    "293663843391815631228309343007137271692",
                    "79779840663977586246070583226410737972",
                    "98096397884023612276246776154760033515"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "stack/btm/btm_sec.cc"
            }
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "id": "ASB-A-201083442-fcb3b15a",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915",
            "digest": {
                "length": 2932.0,
                "function_hash": "122004041837697648258448318484223466279"
            },
            "target": {
                "file": "stack/btm/btm_sec.cc",
                "function": "btm_sec_disconnected"
            }
        }
    ]
}

Android / platform/system/bt

Package

Name
platform/system/bt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-02-01

Affected versions

Other

12

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4"
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2022-02-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "id": "ASB-A-201083442-4651c542",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4",
            "digest": {
                "line_hashes": [
                    "94915954982532662455959577836117386052",
                    "250075224066749656933134517146766345018",
                    "284970515002573275106766199300817928614",
                    "40005642885998785701529236771374408111",
                    "193315777554132242213806373007094154933",
                    "277305767727037183007718502432299055794",
                    "274509028261151890536959334243696074865"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "stack/btm/btm_sec.cc"
            }
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "id": "ASB-A-201083442-521c2e50",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4",
            "digest": {
                "length": 6149.0,
                "function_hash": "264728479579913994476960157247978928619"
            },
            "target": {
                "file": "stack/btm/btm_sec.cc",
                "function": "btm_sec_connected"
            }
        }
    ]
}