In avdt_msg_asmbl of avdt_msg.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 2269.0,
"function_hash": "31651622261620113666886604573074119865"
},
"id": "ASB-A-232023771-24b295aa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/a4311b284639bbd2c6c2c72d35d8444d40fb2d12",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2079.0,
"function_hash": "215894916147553160587423900392199587617"
},
"id": "ASB-A-232023771-321a029d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/a4311b284639bbd2c6c2c72d35d8444d40fb2d12",
"target": {
"function": "avct_lcb_msg_asmbl",
"file": "stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"103868281249314003293679143785339859589",
"278968636750065012184485026436445418276",
"55401410856980922119019680032701604430"
]
},
"id": "ASB-A-232023771-4166c182",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/07cc1fe9b4523f95c13c247a795bdf0b36a1aa4f",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"173584054749471213542059671671466609370",
"218272014920384491034865323393805809107",
"213647027907871969227418315119428298185",
"9928675793482950772906846926328496605",
"299567162013897171384820515506672829954",
"303197354449278179794684350283057267623",
"28531630504339552654429710756820330137",
"327271937418312844391748711278984965058"
]
},
"id": "ASB-A-232023771-815881f1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/a4311b284639bbd2c6c2c72d35d8444d40fb2d12",
"target": {
"file": "stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"length": 2129.0,
"function_hash": "160853215269139646123064996311532757850"
},
"id": "ASB-A-232023771-b21cbf2c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/07cc1fe9b4523f95c13c247a795bdf0b36a1aa4f",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"215507649221945670645596187650782013637",
"23877860105343681440705075309397570792",
"310567960305520675214271535015287563817",
"88934782529621464372846023753636423842",
"219719858263803852531280969617611252898",
"137818675491998040360743622437184545376",
"265765237446791770549679568004270914313"
]
},
"id": "ASB-A-232023771-f7b85ac5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/a4311b284639bbd2c6c2c72d35d8444d40fb2d12",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/07cc1fe9b4523f95c13c247a795bdf0b36a1aa4f",
"https://android.googlesource.com/platform/system/bt/+/a4311b284639bbd2c6c2c72d35d8444d40fb2d12"
],
"types": [
"RCE"
],
"spl": "2022-12-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"length": 2269.0,
"function_hash": "31651622261620113666886604573074119865"
},
"id": "ASB-A-232023771-1ac3aad0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/240baf57ea9a112c153af0b53082c6951c636653",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2079.0,
"function_hash": "215894916147553160587423900392199587617"
},
"id": "ASB-A-232023771-a30ae265",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/240baf57ea9a112c153af0b53082c6951c636653",
"target": {
"function": "avct_lcb_msg_asmbl",
"file": "stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"215507649221945670645596187650782013637",
"23877860105343681440705075309397570792",
"310567960305520675214271535015287563817",
"88934782529621464372846023753636423842",
"219719858263803852531280969617611252898",
"137818675491998040360743622437184545376",
"265765237446791770549679568004270914313"
]
},
"id": "ASB-A-232023771-ad6e5cb0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/240baf57ea9a112c153af0b53082c6951c636653",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"173584054749471213542059671671466609370",
"218272014920384491034865323393805809107",
"213647027907871969227418315119428298185",
"9928675793482950772906846926328496605",
"299567162013897171384820515506672829954",
"303197354449278179794684350283057267623",
"28531630504339552654429710756820330137",
"327271937418312844391748711278984965058"
]
},
"id": "ASB-A-232023771-c52f64b9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/240baf57ea9a112c153af0b53082c6951c636653",
"target": {
"file": "stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"103868281249314003293679143785339859589",
"278968636750065012184485026436445418276",
"55401410856980922119019680032701604430"
]
},
"id": "ASB-A-232023771-e07377b5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/324c3065f863b8484847bbdfd91ef4709d407c8c",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2129.0,
"function_hash": "160853215269139646123064996311532757850"
},
"id": "ASB-A-232023771-ea12604b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/324c3065f863b8484847bbdfd91ef4709d407c8c",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/324c3065f863b8484847bbdfd91ef4709d407c8c",
"https://android.googlesource.com/platform/system/bt/+/240baf57ea9a112c153af0b53082c6951c636653"
],
"types": [
"RCE"
],
"spl": "2022-12-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"length": 2079.0,
"function_hash": "215894916147553160587423900392199587617"
},
"id": "ASB-A-232023771-285f19e5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/62986e6a11a7340925d79c4282513aebc28da176",
"target": {
"function": "avct_lcb_msg_asmbl",
"file": "stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"length": 2129.0,
"function_hash": "160853215269139646123064996311532757850"
},
"id": "ASB-A-232023771-377d1e1d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/a75b650a2a4b6b62be1ceb2040c598b0feb0dacb",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"215507649221945670645596187650782013637",
"23877860105343681440705075309397570792",
"310567960305520675214271535015287563817",
"88934782529621464372846023753636423842",
"219719858263803852531280969617611252898",
"137818675491998040360743622437184545376",
"265765237446791770549679568004270914313"
]
},
"id": "ASB-A-232023771-6cef8960",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/62986e6a11a7340925d79c4282513aebc28da176",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2269.0,
"function_hash": "31651622261620113666886604573074119865"
},
"id": "ASB-A-232023771-6f9faae4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/62986e6a11a7340925d79c4282513aebc28da176",
"target": {
"function": "avdt_msg_asmbl",
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"103868281249314003293679143785339859589",
"278968636750065012184485026436445418276",
"55401410856980922119019680032701604430"
]
},
"id": "ASB-A-232023771-a9d2d372",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/a75b650a2a4b6b62be1ceb2040c598b0feb0dacb",
"target": {
"file": "stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299567162013897171384820515506672829954",
"303197354449278179794684350283057267623",
"28531630504339552654429710756820330137",
"327271937418312844391748711278984965058"
]
},
"id": "ASB-A-232023771-c106511b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/62986e6a11a7340925d79c4282513aebc28da176",
"target": {
"file": "stack/avct/avct_lcb_act.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/a75b650a2a4b6b62be1ceb2040c598b0feb0dacb",
"https://android.googlesource.com/platform/system/bt/+/62986e6a11a7340925d79c4282513aebc28da176"
],
"types": [
"RCE"
],
"spl": "2022-12-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"103868281249314003293679143785339859589",
"278968636750065012184485026436445418276",
"55401410856980922119019680032701604430"
]
},
"id": "ASB-A-232023771-7977fdf2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ed9a843cf147bbfa1a80f2507769014958940eb4",
"target": {
"file": "system/stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2269.0,
"function_hash": "31651622261620113666886604573074119865"
},
"id": "ASB-A-232023771-9cacfddc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2459b5ec5206850e493ce28bc8386a98b2170dfb",
"target": {
"function": "avdt_msg_asmbl",
"file": "system/stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"length": 2079.0,
"function_hash": "215894916147553160587423900392199587617"
},
"id": "ASB-A-232023771-c94e61f4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2459b5ec5206850e493ce28bc8386a98b2170dfb",
"target": {
"function": "avct_lcb_msg_asmbl",
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299567162013897171384820515506672829954",
"303197354449278179794684350283057267623",
"28531630504339552654429710756820330137",
"327271937418312844391748711278984965058"
]
},
"id": "ASB-A-232023771-dac224cf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2459b5ec5206850e493ce28bc8386a98b2170dfb",
"target": {
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"length": 2129.0,
"function_hash": "160853215269139646123064996311532757850"
},
"id": "ASB-A-232023771-f0b5ebf2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ed9a843cf147bbfa1a80f2507769014958940eb4",
"target": {
"function": "avdt_msg_asmbl",
"file": "system/stack/avdt/avdt_msg.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70120848165161273781258461032605334239",
"215507649221945670645596187650782013637",
"23877860105343681440705075309397570792",
"310567960305520675214271535015287563817",
"88934782529621464372846023753636423842",
"219719858263803852531280969617611252898",
"137818675491998040360743622437184545376",
"265765237446791770549679568004270914313"
]
},
"id": "ASB-A-232023771-f4290a62",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2459b5ec5206850e493ce28bc8386a98b2170dfb",
"target": {
"file": "system/stack/avdt/avdt_msg.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ed9a843cf147bbfa1a80f2507769014958940eb4",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2459b5ec5206850e493ce28bc8386a98b2170dfb"
],
"types": [
"RCE"
],
"spl": "2022-12-01",
"severity": "Critical"
}