ASB-A-291281168
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-291281168.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-291281168
- Aliases
-
- A-291281168
- CVE-2025-0084
- Published
- 2025-03-01T00:00:00Z
- Modified
- 2025-12-23T16:52:43.264865Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-03-01",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"335368174811882274076803387340832741725",
"255031183291357723729392712308822489280",
"89229534733456882219803669197240033416",
"150124077756793490750368150011669814184"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-291281168-4029bdf3",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "55358988029788956911272662740912552981",
"length": 1278.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc",
"function": "bta_hf_client_do_disc"
},
"id": "ASB-A-291281168-666a0eb2",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"254894881002214492044306048939760605142",
"159748619053514283753669561004036297346",
"25363138603644386313863572322508944179",
"269601458157509761513275739540777980366"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-291281168-70630a8d",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "310920496597318753910233274266619904423",
"length": 3344.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc",
"function": "process_service_search_attr_rsp"
},
"id": "ASB-A-291281168-d92a4ec3",
"signature_version": "v1",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a9516473b961ec87dd404e7ec7ec08878863007"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-03-01",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"159748619053514283753669561004036297346",
"25363138603644386313863572322508944179",
"244994858623867397024298003931058285424"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-291281168-29939421",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"255031183291357723729392712308822489280",
"89229534733456882219803669197240033416",
"150124077756793490750368150011669814184"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-291281168-70af9f2d",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "55358988029788956911272662740912552981",
"length": 1278.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc",
"function": "bta_hf_client_do_disc"
},
"id": "ASB-A-291281168-89deb657",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "48886429007938031076324531841910728667",
"length": 3316.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc",
"function": "process_service_search_attr_rsp"
},
"id": "ASB-A-291281168-ab5abc09",
"signature_version": "v1",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/27d31199637cbb1b322c8e85195fdaf2bee31da7"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-03-01",
"vanir_signatures": [
{
"digest": {
"function_hash": "175959268000196746124901177656112188651",
"length": 1081.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc",
"function": "bta_hf_client_do_disc"
},
"id": "ASB-A-291281168-096e6068",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"255031183291357723729392712308822489280",
"89229534733456882219803669197240033416",
"150124077756793490750368150011669814184"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-291281168-be977787",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"159748619053514283753669561004036297346",
"129468403904434157000099795095811556475",
"210707820905137651020899590730257068989"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-291281168-d3e11696",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "50964962791788962943241798313227745602",
"length": 3308.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc",
"function": "process_service_search_attr_rsp"
},
"id": "ASB-A-291281168-d68af113",
"signature_version": "v1",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-03-01",
"vanir_signatures": [
{
"digest": {
"function_hash": "50964962791788962943241798313227745602",
"length": 3308.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc",
"function": "process_service_search_attr_rsp"
},
"id": "ASB-A-291281168-3cb58af0",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "175959268000196746124901177656112188651",
"length": 1081.0
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc",
"function": "bta_hf_client_do_disc"
},
"id": "ASB-A-291281168-7d162416",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"159748619053514283753669561004036297346",
"129468403904434157000099795095811556475",
"210707820905137651020899590730257068989"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-291281168-95a4e7e0",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"255031183291357723729392712308822489280",
"89229534733456882219803669197240033416",
"150124077756793490750368150011669814184"
]
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea",
"deprecated": false,
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-291281168-a484a4bd",
"signature_version": "v1",
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/316bf3f262031ccd03dc4269a1b437a8b561beea"
]
}