In build_read_multi_rsp of gatt_sr.cc, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 1957.0,
"function_hash": "36167147116348345863936788657702224124"
},
"id": "ASB-A-273874525-84daf640",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed",
"target": {
"function": "build_read_multi_rsp",
"file": "stack/gatt/gatt_sr.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320180208113292607896087960140748321710",
"185620860055585878484986184931846809734",
"319420841029342921839194282503417907253",
"250978578845779696356386414138024276852",
"318872592807275993100937040753514395656",
"141269574546360549306461848829328979810",
"204714876695755523928580335686404439046",
"183905982059378682327217227057606426163",
"311954045522797841068282195162869825882",
"263232450369799039219493308252416876531",
"400206405204418213502213550468525364",
"314770545184342246476502425255109428247",
"307362275633226171916038256427833315124",
"308895341643965181959918133811250227217",
"122757879597053200394180763992077422796",
"67834856507516609453221547184769402811",
"129943154435575809610568843399508029933",
"237475983115649658632985560846409519343",
"13227297075605735205156259313947404717",
"85253462756822884360816865997710830720",
"24526966502570633969055920681276582168",
"325969589060144690288502607002477657459",
"89081833886852685892140623503777474500",
"99804003701978462269687672967659361085"
]
},
"id": "ASB-A-273874525-850b3746",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed",
"target": {
"file": "stack/gatt/gatt_sr.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed"
],
"types": [
"RCE"
],
"spl": "2023-10-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"length": 1957.0,
"function_hash": "36167147116348345863936788657702224124"
},
"id": "ASB-A-273874525-11fb76c3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed",
"target": {
"function": "build_read_multi_rsp",
"file": "stack/gatt/gatt_sr.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320180208113292607896087960140748321710",
"185620860055585878484986184931846809734",
"319420841029342921839194282503417907253",
"250978578845779696356386414138024276852",
"318872592807275993100937040753514395656",
"141269574546360549306461848829328979810",
"204714876695755523928580335686404439046",
"183905982059378682327217227057606426163",
"311954045522797841068282195162869825882",
"263232450369799039219493308252416876531",
"400206405204418213502213550468525364",
"314770545184342246476502425255109428247",
"307362275633226171916038256427833315124",
"308895341643965181959918133811250227217",
"122757879597053200394180763992077422796",
"67834856507516609453221547184769402811",
"129943154435575809610568843399508029933",
"237475983115649658632985560846409519343",
"13227297075605735205156259313947404717",
"85253462756822884360816865997710830720",
"24526966502570633969055920681276582168",
"325969589060144690288502607002477657459",
"89081833886852685892140623503777474500",
"99804003701978462269687672967659361085"
]
},
"id": "ASB-A-273874525-a3859905",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed",
"target": {
"file": "stack/gatt/gatt_sr.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/system/bt/+/d5f27984f4ca265f28a4adf5835b0198a3e19aed"
],
"types": [
"RCE"
],
"spl": "2023-10-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"301476335257368158159457184534817724226",
"185620860055585878484986184931846809734",
"319420841029342921839194282503417907253",
"250978578845779696356386414138024276852",
"318872592807275993100937040753514395656",
"141269574546360549306461848829328979810",
"204714876695755523928580335686404439046",
"183905982059378682327217227057606426163",
"311954045522797841068282195162869825882",
"80778354735684940648400822243020094520",
"298240068789696469338359820937952988798",
"254072070548644218687734592118588744547",
"290108680486195309810329624003139389789",
"246147197161009651927417574757144612761",
"71153663538600734989617062507828621121",
"263232450369799039219493308252416876531",
"400206405204418213502213550468525364",
"314770545184342246476502425255109428247",
"307362275633226171916038256427833315124",
"308895341643965181959918133811250227217",
"122757879597053200394180763992077422796",
"67834856507516609453221547184769402811",
"129943154435575809610568843399508029933",
"237475983115649658632985560846409519343",
"13227297075605735205156259313947404717",
"85253462756822884360816865997710830720",
"24526966502570633969055920681276582168",
"325969589060144690288502607002477657459",
"89081833886852685892140623503777474500",
"99804003701978462269687672967659361085"
]
},
"id": "ASB-A-273874525-0522e5b7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/85f4d53c7bf90b806639a3a302f0007ffb3b9f23",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
}
},
{
"digest": {
"length": 1957.0,
"function_hash": "36167147116348345863936788657702224124"
},
"id": "ASB-A-273874525-16bcc80c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/85f4d53c7bf90b806639a3a302f0007ffb3b9f23",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/85f4d53c7bf90b806639a3a302f0007ffb3b9f23"
],
"types": [
"RCE"
],
"spl": "2023-10-01",
"severity": "Critical"
}