ASB-A-239414876

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-239414876.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-239414876
Aliases
  • A-239414876
  • CVE-2023-21108
Published
2023-06-01T00:00:00Z
Modified
2025-07-04T14:49:55.829990Z
Summary
[none]
Details

In sdpubuilduuidseq of sdpdiscovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084"
    ],
    "severity": "Critical",
    "types": [
        "RCE"
    ],
    "spl": "2023-06-01",
    "vanir_signatures": [
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "sdpu_build_uuid_seq"
            },
            "id": "ASB-A-239414876-0d762eb9",
            "deprecated": false,
            "digest": {
                "function_hash": "172451795054686255659254453626522425369",
                "length": 965.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "id": "ASB-A-239414876-3ecd16ce",
            "deprecated": false,
            "digest": {
                "function_hash": "6160105693375401646461731309320914300",
                "length": 3072.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "id": "ASB-A-239414876-cd0d0eea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169750251651433474490106793498591475191",
                    "84931401331791829021588421096479410766",
                    "310384842703592892637555397387021289944",
                    "85721753443371606351241580555888571325",
                    "242264142578573507181218216642144121287",
                    "205866409666195538502052644276806456148",
                    "207918722920618944181626259431979444587",
                    "185497858282731225311932370027386417302",
                    "296602908795734861171176492539200651727",
                    "196976666606745896103424027485593915370",
                    "33666277063773505652381783624144181070",
                    "100086366680014701926449830898226310479",
                    "140426836328131156045608387776757111480",
                    "193249032038850123455510648311782786135",
                    "145360714436139411680973858325284335513",
                    "322844424482710275068573617548790882633",
                    "103331403414350064846302849100715096197",
                    "135330378089612299105991353294613656178",
                    "154605522017743771657206398468376133390",
                    "152390519994903885300304589480829944573",
                    "98733625282509153893699023221989690208",
                    "184177738584478880889006912010234990322",
                    "152922577545610054467656687284007472864",
                    "222936466035150375660710183980350645928",
                    "322844424482710275068573617548790882633",
                    "103331403414350064846302849100715096197",
                    "305527177928541540908978549602960327910",
                    "225844803170373741725045927188763340869",
                    "8905032854571794044696916155848802602"
                ]
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Line",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "sdp_snd_service_search_req"
            },
            "id": "ASB-A-239414876-d8ba5e67",
            "deprecated": false,
            "digest": {
                "function_hash": "142074851834547030871287101166939683775",
                "length": 942.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        }
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-06-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084"
    ],
    "severity": "Critical",
    "types": [
        "RCE"
    ],
    "spl": "2023-06-01",
    "vanir_signatures": [
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "sdpu_build_uuid_seq"
            },
            "id": "ASB-A-239414876-aee66aa3",
            "deprecated": false,
            "digest": {
                "function_hash": "172451795054686255659254453626522425369",
                "length": 965.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "id": "ASB-A-239414876-b8ae30b4",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169750251651433474490106793498591475191",
                    "84931401331791829021588421096479410766",
                    "310384842703592892637555397387021289944",
                    "85721753443371606351241580555888571325",
                    "242264142578573507181218216642144121287",
                    "205866409666195538502052644276806456148",
                    "207918722920618944181626259431979444587",
                    "185497858282731225311932370027386417302",
                    "296602908795734861171176492539200651727",
                    "196976666606745896103424027485593915370",
                    "33666277063773505652381783624144181070",
                    "100086366680014701926449830898226310479",
                    "140426836328131156045608387776757111480",
                    "193249032038850123455510648311782786135",
                    "145360714436139411680973858325284335513",
                    "322844424482710275068573617548790882633",
                    "103331403414350064846302849100715096197",
                    "135330378089612299105991353294613656178",
                    "154605522017743771657206398468376133390",
                    "152390519994903885300304589480829944573",
                    "98733625282509153893699023221989690208",
                    "184177738584478880889006912010234990322",
                    "152922577545610054467656687284007472864",
                    "222936466035150375660710183980350645928",
                    "322844424482710275068573617548790882633",
                    "103331403414350064846302849100715096197",
                    "305527177928541540908978549602960327910",
                    "225844803170373741725045927188763340869",
                    "8905032854571794044696916155848802602"
                ]
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Line",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "id": "ASB-A-239414876-bad122aa",
            "deprecated": false,
            "digest": {
                "function_hash": "6160105693375401646461731309320914300",
                "length": 3072.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "sdp_snd_service_search_req"
            },
            "id": "ASB-A-239414876-ccb9e1cf",
            "deprecated": false,
            "digest": {
                "function_hash": "142074851834547030871287101166939683775",
                "length": 942.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4a33fbcfdb10a16760ef208f1f12a71c1be2d084",
            "signature_type": "Function",
            "signature_version": "v1"
        }
    ]
}