ASB-A-275057843
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-275057843.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-275057843
- Aliases
-
- A-275057843
- CVE-2023-40080
- Published
- 2023-12-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In multiple functions of btmblegap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 949.0,
"function_hash": "246882659036614777100561683410077148485"
},
"id": "ASB-A-275057843-202324b2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncSetInfo",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 966.0,
"function_hash": "97755488648926379772386719676982052545"
},
"id": "ASB-A-275057843-5669f9e2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncTransfer",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 631.0,
"function_hash": "126904548340751815989801536040087105665"
},
"id": "ASB-A-275057843-6678219f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_timeout",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 680.0,
"function_hash": "130921702505814118263895064456259885378"
},
"id": "ASB-A-275057843-9a9f5c36",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_request",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43864245619447460749875237851787664551",
"167548532180185462033831461179691632619",
"33575135035212560886115356346310377998",
"226756959700525368721015644821424642847",
"15368537722831841663178536074201952112",
"67674782737042082763137047287714577766",
"226622384061478884546808137033764846404",
"12088250185168833025521856155059416891",
"152668483481076418644668288044788974127",
"214232302117138856613462659433579297534",
"140344414876104536602397486092947308877",
"217766433110994427985590687834173348340",
"263151270257031066669012561786751224421",
"248130766202438940892703797255664643667",
"32053527644928171251614505547020290214",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502"
]
},
"id": "ASB-A-275057843-9b85f3c0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 570.0,
"function_hash": "78668012657219645030498776305440712796"
},
"id": "ASB-A-275057843-eb0cb207",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BleStartPeriodicSync",
"file": "system/stack/btm/btm_ble_gap.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"
],
"types": [
"EoP"
],
"spl": "2023-12-01",
"severity": "High"
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 680.0,
"function_hash": "130921702505814118263895064456259885378"
},
"id": "ASB-A-275057843-30ae00e4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_request",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43864245619447460749875237851787664551",
"167548532180185462033831461179691632619",
"33575135035212560886115356346310377998",
"226756959700525368721015644821424642847",
"15368537722831841663178536074201952112",
"67674782737042082763137047287714577766",
"226622384061478884546808137033764846404",
"12088250185168833025521856155059416891",
"152668483481076418644668288044788974127",
"214232302117138856613462659433579297534",
"140344414876104536602397486092947308877",
"217766433110994427985590687834173348340",
"263151270257031066669012561786751224421",
"248130766202438940892703797255664643667",
"32053527644928171251614505547020290214",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502"
]
},
"id": "ASB-A-275057843-3e2df005",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 631.0,
"function_hash": "126904548340751815989801536040087105665"
},
"id": "ASB-A-275057843-48c0e647",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_timeout",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 966.0,
"function_hash": "97755488648926379772386719676982052545"
},
"id": "ASB-A-275057843-5e9fba60",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncTransfer",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 949.0,
"function_hash": "246882659036614777100561683410077148485"
},
"id": "ASB-A-275057843-6b7bdffc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncSetInfo",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 570.0,
"function_hash": "78668012657219645030498776305440712796"
},
"id": "ASB-A-275057843-f446e077",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BleStartPeriodicSync",
"file": "system/stack/btm/btm_ble_gap.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"
],
"types": [
"EoP"
],
"spl": "2023-12-01",
"severity": "High"
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43864245619447460749875237851787664551",
"167548532180185462033831461179691632619",
"33575135035212560886115356346310377998",
"226756959700525368721015644821424642847",
"15368537722831841663178536074201952112",
"67674782737042082763137047287714577766",
"226622384061478884546808137033764846404",
"12088250185168833025521856155059416891",
"152668483481076418644668288044788974127",
"214232302117138856613462659433579297534",
"140344414876104536602397486092947308877",
"217766433110994427985590687834173348340",
"263151270257031066669012561786751224421",
"248130766202438940892703797255664643667",
"32053527644928171251614505547020290214",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502",
"101572736127874747516684315745846603189",
"296379762876518701606384767804258646863",
"151263010402120895611752760767850715445",
"53791275150963334587617480176223235502"
]
},
"id": "ASB-A-275057843-6bab0964",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 966.0,
"function_hash": "97755488648926379772386719676982052545"
},
"id": "ASB-A-275057843-6f9f6574",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncTransfer",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 631.0,
"function_hash": "126904548340751815989801536040087105665"
},
"id": "ASB-A-275057843-9dc83e9b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_timeout",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 680.0,
"function_hash": "130921702505814118263895064456259885378"
},
"id": "ASB-A-275057843-a8e18eb7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "btm_ble_start_sync_request",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 949.0,
"function_hash": "246882659036614777100561683410077148485"
},
"id": "ASB-A-275057843-d1a7d960",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BlePeriodicSyncSetInfo",
"file": "system/stack/btm/btm_ble_gap.cc"
}
},
{
"digest": {
"length": 570.0,
"function_hash": "78668012657219645030498776305440712796"
},
"id": "ASB-A-275057843-d365650c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf",
"target": {
"function": "BTM_BleStartPeriodicSync",
"file": "system/stack/btm/btm_ble_gap.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"
],
"types": [
"EoP"
],
"spl": "2023-12-01",
"severity": "High"
}