ASB-A-271335899

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-271335899.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-271335899

Aliases

A-271335899
CVE-2023-35681

Published

2023-09-01T00:00:00Z

Modified

2025-12-26T16:37:09.274667Z

Summary

[none]

Details

In eattl2capreconfigcompleted of eattimpl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Package

Name: platform/packages/modules/Bluetooth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-09-01

Affected versions

Other

13-next

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/282d4a182ea6a7d2e6e0f6901d2bc1e75b49e52f"
    ],
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "106468571724457935060889431497082031573",
                    "224746628071366889996733460199723691463",
                    "269050480755408262475493031397919512570",
                    "337728979793973427592397871584260474723",
                    "64763010061956417951425775569181908724",
                    "158595671907601721849330534614287272374",
                    "6278613269636320475066097300482403831",
                    "139581319459527572518299348002139755630",
                    "315204657456236489965325720265591737430",
                    "237587774238938777520761873807626246871",
                    "326220230029268022540499762400229363028",
                    "331151508027849466654896791392215369638",
                    "281105754671305560937296257709464800069",
                    "242523549094094978786013181756494489007",
                    "141190444124508517757142649718561139701",
                    "187107218421415198676659012306597618903",
                    "270901897684879479235076094318212763996",
                    "64899529114296083661267038785523487649"
                ]
            },
            "target": {
                "file": "system/stack/eatt/eatt.h"
            },
            "deprecated": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/282d4a182ea6a7d2e6e0f6901d2bc1e75b49e52f",
            "id": "ASB-A-271335899-6bd28875",
            "signature_type": "Line",
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331090966016956691892133144993749040555",
                    "270430452053097064486327914452413722223",
                    "215904791462145415175955496860471742186",
                    "110114905142101222154756594980242415244"
                ]
            },
            "target": {
                "file": "system/stack/eatt/eatt_impl.h"
            },
            "deprecated": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/282d4a182ea6a7d2e6e0f6901d2bc1e75b49e52f",
            "id": "ASB-A-271335899-e3a587c6",
            "signature_type": "Line",
            "signature_version": "v1"
        }
    ],
    "spl": "2023-09-01"
}