ASB-A-251514171

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-251514171.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-251514171
Aliases
  • A-251514171
  • CVE-2025-26438
Published
2025-05-01T00:00:00Z
Modified
2025-05-05T15:30:13Z
Summary
[none]
Details

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-05-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1478.0,
                "function_hash": "107254158032908572902498059590686816099"
            },
            "id": "ASB-A-251514171-33c77558",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_process_secure_connection_oob_data"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169925125941823537600752468026067539694",
                    "113385753266922047354390093774613920887",
                    "95995477923874679239548703631812912981",
                    "178521878968928782378602093856495850943",
                    "222466249588433036185688638542666214903",
                    "22045282971727450260633747393179431458",
                    "197489951114962900942914413509197911311",
                    "198797200908979355331313755418372457948",
                    "309453622334382306353816301098314124138",
                    "127606651789028192380669981705663883234",
                    "202563545451616409801547758769826172190",
                    "11573155842480106439572378862971032968",
                    "184031576880264426989094457705577290909"
                ]
            },
            "id": "ASB-A-251514171-50c8b1d7",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0f5a7b3433c93e587bc5491b1647c208cfc04c38"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-05-01

Affected versions

Other

15

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "134130937920452753674887637254696993259",
                    "231708506710858175866185609260707736235",
                    "147235756275927838069155532100272565165"
                ]
            },
            "id": "ASB-A-251514171-0eca9eaf",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1086.0,
                "function_hash": "198628309788322758344083288511938625723"
            },
            "id": "ASB-A-251514171-7d5f0e05",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_process_secure_connection_oob_data"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/faea50382d2b1932abac40b76507d9bcd374635e"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-05-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "114632973770150251003126669934355297115",
                    "26568688585533256737126348896221948843",
                    "131396730146234005761979337859761040741"
                ]
            },
            "id": "ASB-A-251514171-535821b2",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1132.0,
                "function_hash": "17155854342471303826645813739715962542"
            },
            "id": "ASB-A-251514171-bbf22fa8",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_process_secure_connection_oob_data"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-05-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "114632973770150251003126669934355297115",
                    "26568688585533256737126348896221948843",
                    "131396730146234005761979337859761040741"
                ]
            },
            "id": "ASB-A-251514171-06bf7a68",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1132.0,
                "function_hash": "17155854342471303826645813739715962542"
            },
            "id": "ASB-A-251514171-ceb070a5",
            "source": "https://googleplex-android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/smp/smp_act.cc",
                "function": "smp_process_secure_connection_oob_data"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb5e369706a6698769bc37f9afc1f386d822efcf"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}