In OnWakelockReleased of attribution_processor.cc, there is a use-after-free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 3581.0,
"function_hash": "67997498366820575910589749269650826408"
},
"id": "ASB-A-254774758-56075af3",
"deprecated": false,
"target": {
"function": "AttributionProcessor::OnWakelockReleased",
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
},
"signature_type": "Function",
"match_only_versions": [
"13-next"
],
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12900549581914168485293397155119351593",
"188741019249326939814519404937643072082",
"318789242921263057414067221518528705292",
"304414865865909056343987389498040960484"
]
},
"id": "ASB-A-254774758-5e0df390",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676",
"target": {
"file": "system/gd/btaa/attribution_processor.h"
}
},
{
"digest": {
"length": 3409.0,
"function_hash": "299293289398272049689342512514058281279"
},
"id": "ASB-A-254774758-cbb937f6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96",
"target": {
"function": "AttributionProcessor::OnWakelockReleased",
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"143941530185700875452918972360490076901",
"117866796008345477441414371737867758179",
"116807814216425906070591271558139157130",
"169809359126774245513351681617172054098"
]
},
"id": "ASB-A-254774758-ee6737e0",
"deprecated": false,
"target": {
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
},
"signature_type": "Line",
"match_only_versions": [
"13-next"
],
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"18060905755506602008223646092062842807",
"145480387711426464881095117105460401534",
"63887230964152114113574021921283583566",
"205030628601755833546320678999063250221",
"144990182868268974103067371802256403907",
"17377848101485330564086492917232461262",
"140155046571125345422158689650378340741",
"271980606894935024015424335626156461340",
"53233114695008526344817102835550892994",
"275938546527731765269410863473714144466",
"171026771153299635694362358732147003952",
"102309086400846651721388724520953645395",
"233971134084911506611752761727870548569",
"125921412701228748292635841890358152991",
"144990182868268974103067371802256403907",
"108845131693991720011745577360710325132",
"208011038678721690757401280612294897421",
"204078919627188455613377777632337566914",
"73999548915854691353842325909389891616"
]
},
"id": "ASB-A-254774758-eef003ea",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96",
"target": {
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bdcf174f20a7fe2ecf9e35758d76d9db4b480090"
],
"types": [
"RCE"
],
"spl": "2023-04-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12900549581914168485293397155119351593",
"188741019249326939814519404937643072082",
"318789242921263057414067221518528705292",
"304414865865909056343987389498040960484"
]
},
"id": "ASB-A-254774758-26690c9a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fb9a519eed94776a488c5dcf0fa91d620bfc9e88",
"target": {
"file": "system/gd/btaa/attribution_processor.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"18060905755506602008223646092062842807",
"145480387711426464881095117105460401534",
"63887230964152114113574021921283583566",
"205030628601755833546320678999063250221",
"144990182868268974103067371802256403907",
"17377848101485330564086492917232461262",
"140155046571125345422158689650378340741",
"271980606894935024015424335626156461340",
"53233114695008526344817102835550892994",
"275938546527731765269410863473714144466",
"171026771153299635694362358732147003952",
"102309086400846651721388724520953645395",
"233971134084911506611752761727870548569",
"125921412701228748292635841890358152991",
"144990182868268974103067371802256403907",
"108845131693991720011745577360710325132",
"208011038678721690757401280612294897421",
"204078919627188455613377777632337566914",
"73999548915854691353842325909389891616"
]
},
"id": "ASB-A-254774758-49e29e85",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42",
"target": {
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
}
},
{
"digest": {
"length": 3409.0,
"function_hash": "299293289398272049689342512514058281279"
},
"id": "ASB-A-254774758-83498449",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42",
"target": {
"function": "AttributionProcessor::OnWakelockReleased",
"file": "system/gd/btaa/linux_generic/attribution_processor.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/be2a15703f7285d0dec4afaa8395e3a9a897d352",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fb9a519eed94776a488c5dcf0fa91d620bfc9e88",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42"
],
"types": [
"RCE"
],
"spl": "2023-04-01",
"severity": "Critical"
}