ASB-A-251514170
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-251514170.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-251514170
- Aliases
-
- A-251514170
- CVE-2024-34722
- Published
- 2024-07-01T00:00:00Z
- Modified
- 2024-08-07T19:29:46.332761Z
- Summary
- 1.1 Bypassing passkey entry in legacy pairing - Pixel 4a, Pixel 3 XL
- Details
-
In smpprocrand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 352.0,
"function_hash": "321571789285904334492730743639956922213"
},
"id": "ASB-A-251514170-3fbe783e",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/smp/smp_act.cc",
"function": "smp_proc_rand"
},
"signature_type": "Function"
},
{
"digest": {
"length": 155.0,
"function_hash": "310836050937169455387554377117328168799"
},
"id": "ASB-A-251514170-a2866d9a",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/smp/smp_act.cc",
"function": "smp_send_confirm"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"76016990345088518128060597595811943963",
"302590340112657390498622356868910682549",
"223964831944845757341067812058928167970",
"199893950464949796952010713464199678017",
"63269745553648631491921231036164254688",
"133178774613934554449228570743171422198",
"235887221604097201012289294919459199777"
]
},
"id": "ASB-A-251514170-f93c8a46",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/smp/smp_act.cc"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"
],
"spl": "2024-07-01",
"severity": "High",
"types": [
"EoP"
]
}