ASB-A-291281168

Import Source
https://storage.googleapis.com/android-osv/ASB-A-291281168.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-291281168
Aliases
  • A-291281168
  • CVE-2025-0084
Published
2025-03-01T00:00:00Z
Modified
2025-07-10T15:11:05.955812Z
Summary
[none]
Details

In multiple locations, there is a possible out-of-bounds write due to a use-after-free. This could lead to remote code execution over Bluetooth, if Hands-Free Profile (HFP) support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-03-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "335368174811882274076803387340832741725",
                    "255031183291357723729392712308822489280",
                    "89229534733456882219803669197240033416",
                    "150124077756793490750368150011669814184"
                ]
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-4029bdf3"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
            "deprecated": false,
            "digest": {
                "length": 1278.0,
                "function_hash": "55358988029788956911272662740912552981"
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc",
                "function": "bta_hf_client_do_disc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-666a0eb2"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254894881002214492044306048939760605142",
                    "159748619053514283753669561004036297346",
                    "25363138603644386313863572322508944179",
                    "269601458157509761513275739540777980366"
                ]
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-70630a8d"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
            "deprecated": false,
            "digest": {
                "length": 3344.0,
                "function_hash": "310920496597318753910233274266619904423"
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-d92a4ec3"
        }
    ],
    "severity": "Critical",
    "spl": "2025-03-01",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-03-01

Affected versions

Other

15

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "159748619053514283753669561004036297346",
                    "25363138603644386313863572322508944179",
                    "244994858623867397024298003931058285424"
                ]
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-29939421"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "255031183291357723729392712308822489280",
                    "89229534733456882219803669197240033416",
                    "150124077756793490750368150011669814184"
                ]
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-70af9f2d"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
            "deprecated": false,
            "digest": {
                "length": 1278.0,
                "function_hash": "55358988029788956911272662740912552981"
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc",
                "function": "bta_hf_client_do_disc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-89deb657"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
            "deprecated": false,
            "digest": {
                "length": 3316.0,
                "function_hash": "48886429007938031076324531841910728667"
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-ab5abc09"
        }
    ],
    "severity": "Critical",
    "spl": "2025-03-01",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-03-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "length": 1081.0,
                "function_hash": "175959268000196746124901177656112188651"
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc",
                "function": "bta_hf_client_do_disc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-096e6068"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "255031183291357723729392712308822489280",
                    "89229534733456882219803669197240033416",
                    "150124077756793490750368150011669814184"
                ]
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-be977787"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "159748619053514283753669561004036297346",
                    "129468403904434157000099795095811556475",
                    "210707820905137651020899590730257068989"
                ]
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-d3e11696"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "length": 3308.0,
                "function_hash": "50964962791788962943241798313227745602"
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-d68af113"
        }
    ],
    "severity": "Critical",
    "spl": "2025-03-01",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-03-01

Affected versions

Other

14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "length": 3308.0,
                "function_hash": "50964962791788962943241798313227745602"
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc",
                "function": "process_service_search_attr_rsp"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-3cb58af0"
        },
        {
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "length": 1081.0,
                "function_hash": "175959268000196746124901177656112188651"
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc",
                "function": "bta_hf_client_do_disc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-7d162416"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "159748619053514283753669561004036297346",
                    "129468403904434157000099795095811556475",
                    "210707820905137651020899590730257068989"
                ]
            },
            "target": {
                "file": "system/bta/hf_client/bta_hf_client_sdp.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-95a4e7e0"
        },
        {
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "255031183291357723729392712308822489280",
                    "89229534733456882219803669197240033416",
                    "150124077756793490750368150011669814184"
                ]
            },
            "target": {
                "file": "system/stack/sdp/sdp_discovery.cc"
            },
            "signature_version": "v1",
            "id": "ASB-A-291281168-a484a4bd"
        }
    ],
    "severity": "Critical",
    "spl": "2025-03-01",
    "types": [
        "RCE"
    ]
}