ASB-A-251514170

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-251514170.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-251514170

Aliases

A-251514170
CVE-2024-34722

Published

2025-01-01T00:00:00Z

Modified

2025-07-10T15:11:05.955812Z

Summary

[none]

Details

In smpprocrand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Package

Name: platform/packages/modules/Bluetooth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2025-01-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-251514170-3fbe783e",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 352.0,
                "function_hash": "321571789285904334492730743639956922213"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_proc_rand"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"
        },
        {
            "id": "ASB-A-251514170-a2866d9a",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 155.0,
                "function_hash": "310836050937169455387554377117328168799"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_send_confirm"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"
        },
        {
            "id": "ASB-A-251514170-f93c8a46",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "76016990345088518128060597595811943963",
                    "302590340112657390498622356868910682549",
                    "223964831944845757341067812058928167970",
                    "199893950464949796952010713464199678017",
                    "63269745553648631491921231036164254688",
                    "133178774613934554449228570743171422198",
                    "235887221604097201012289294919459199777"
                ]
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"
        }
    ],
    "spl": "2025-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/system/bt

Package

Name: platform/system/bt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/8a3dbadc71428a30b172a74343be08498c656747",
        "https://android.googlesource.com/platform/system/bt/+/f1ecd2dc34a536ccc7abe059df4619681d0a94d4"
    ],
    "spl": "2025-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/system/bt

Package

Name: platform/system/bt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2025-01-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/8a3dbadc71428a30b172a74343be08498c656747",
        "https://android.googlesource.com/platform/system/bt/+/f1ecd2dc34a536ccc7abe059df4619681d0a94d4"
    ],
    "spl": "2025-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/packages/modules/Bluetooth

Package

Name: platform/packages/modules/Bluetooth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97",
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-251514170-3cd93d2b",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 315.0,
                "function_hash": "148493323041777107474347058736277815724"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_proc_rand"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"
        },
        {
            "id": "ASB-A-251514170-c980456e",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 125.0,
                "function_hash": "74918214093950259196396537407830598564"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_send_confirm"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97"
        },
        {
            "id": "ASB-A-251514170-de456c9d",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "284655167967645119513794050319058262760",
                    "35807173110219351575438918942900306764",
                    "269924315002217808095667220357498707577",
                    "321499543104801346490054998121629800662",
                    "63269745553648631491921231036164254688",
                    "133178774613934554449228570743171422198",
                    "244876469753238988165122585518203483916"
                ]
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97"
        }
    ],
    "spl": "2025-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/packages/modules/Bluetooth

Package

Name: platform/packages/modules/Bluetooth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97",
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-251514170-173410c4",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "284655167967645119513794050319058262760",
                    "35807173110219351575438918942900306764",
                    "269924315002217808095667220357498707577",
                    "321499543104801346490054998121629800662",
                    "63269745553648631491921231036164254688",
                    "133178774613934554449228570743171422198",
                    "244876469753238988165122585518203483916"
                ]
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97"
        },
        {
            "id": "ASB-A-251514170-9fe7d910",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 315.0,
                "function_hash": "148493323041777107474347058736277815724"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_proc_rand"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"
        },
        {
            "id": "ASB-A-251514170-a86bebf3",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 125.0,
                "function_hash": "74918214093950259196396537407830598564"
            },
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_send_confirm"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97"
        }
    ],
    "spl": "2025-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}