In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to an incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38",
"target": {
"function": "smp_process_secure_connection_oob_data",
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-33c77558",
"deprecated": false,
"digest": {
"function_hash": "107254158032908572902498059590686816099",
"length": 1478.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38",
"target": {
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-50c8b1d7",
"deprecated": false,
"digest": {
"line_hashes": [
"169925125941823537600752468026067539694",
"113385753266922047354390093774613920887",
"95995477923874679239548703631812912981",
"178521878968928782378602093856495850943",
"222466249588433036185688638542666214903",
"22045282971727450260633747393179431458",
"197489951114962900942914413509197911311",
"198797200908979355331313755418372457948",
"309453622334382306353816301098314124138",
"127606651789028192380669981705663883234",
"202563545451616409801547758769826172190",
"11573155842480106439572378862971032968",
"184031576880264426989094457705577290909"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
}
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38"
]
}{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e",
"target": {
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-0eca9eaf",
"deprecated": false,
"digest": {
"line_hashes": [
"134130937920452753674887637254696993259",
"231708506710858175866185609260707736235",
"147235756275927838069155532100272565165"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e",
"target": {
"function": "smp_process_secure_connection_oob_data",
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-7d5f0e05",
"deprecated": false,
"digest": {
"function_hash": "198628309788322758344083288511938625723",
"length": 1086.0
},
"signature_version": "v1",
"signature_type": "Function"
}
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e"
]
}{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
"target": {
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-535821b2",
"deprecated": false,
"digest": {
"line_hashes": [
"114632973770150251003126669934355297115",
"26568688585533256737126348896221948843",
"131396730146234005761979337859761040741"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
"target": {
"function": "smp_process_secure_connection_oob_data",
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-bbf22fa8",
"deprecated": false,
"digest": {
"function_hash": "17155854342471303826645813739715962542",
"length": 1132.0
},
"signature_version": "v1",
"signature_type": "Function"
}
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf"
]
}{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
"target": {
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-06bf7a68",
"deprecated": false,
"digest": {
"line_hashes": [
"114632973770150251003126669934355297115",
"26568688585533256737126348896221948843",
"131396730146234005761979337859761040741"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
"target": {
"function": "smp_process_secure_connection_oob_data",
"file": "system/stack/smp/smp_act.cc"
},
"id": "ASB-A-251514171-ceb070a5",
"deprecated": false,
"digest": {
"function_hash": "17155854342471303826645813739715962542",
"length": 1132.0
},
"signature_version": "v1",
"signature_type": "Function"
}
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf"
]
}