In multiple locations, there is a possible way to inject keystrokes due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 3687.0, "function_hash": "43061959119376664686213669205630250217" }, "id": "ASB-A-294854926-059d157c", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_mx_access_request" }, "signature_type": "Function" }, { "digest": { "length": 4651.0, "function_hash": "215695592036135719644977304772359023020" }, "id": "ASB-A-294854926-090125e9", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "327726614591132955930433172871099717903", "197930606696217597035208074150621772822", "166794929128900300915561907345180701273", "164199376099043487722114674449096514495", "23620032038652460826050081495759217785", "297213598390837072291132050047395006129", "327221696050590702682098809278413926844", "258687265015304540196780716216700072890", "320361581108495589074678686765361193246", "336571227219424925835724995270954847657", "115427643381435667709037331751617952024", "29553329085620064767598501518369690775", "170522308103141478552028082718541408689" ] }, "id": "ASB-A-294854926-491808bc", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 3064.0, "function_hash": "7543547725549122498057745148487987420" }, "id": "ASB-A-294854926-6cefc009", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "length": 3218.0, "function_hash": "227716039357205455596514507040959899397" }, "id": "ASB-A-294854926-83be7474", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "88710778939939341708182668696184595067", "316442034712659710033328952761665050987", "239601478006897628917834495740462975633", "185290641695190860213052543011444003626", "66368683702105953488782220688795689462", "22481806171367450194091711553814426049", "59072545174229000742900569033826009446", "77121349886279935010345127709434548406", "211573699949862158210065507873481000101", "50501308920270220513354876286744260575", "154287669510427265633008105313165446521", "40497840818941502570794969669981540994", "12609281695717453417979954011582625658", "191022934420395666287276243622152618880", "121179739499933830404999192882733450321", "114462787912678077604416508882015537397", "79753896944960809786040229503677631995", "324387921172300633552126393370693173158", "117323551458770150904581659960166190040", "263174241450555514913995875450648538592", "14865090226669659818693850022332333744", "176675532814169278854780150411146545439", "337388328990730320040764338873050589091", "306411892969702854172529488471529543967", "19788115616581493742615304364948347714" ] }, "id": "ASB-A-294854926-8dc4be8a", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "72640883571315974401250223963091742820", "10831332715061995584754754210053003576", "247678602532410717537523742923505432100", "125686806664114597449707522274858443984", "149702862141601733625195210600101596283", "5541387743230517824350027217286894796", "326246543653298477335977389305504641561", "218663247680270114853278597221267139848" ] }, "id": "ASB-A-294854926-c0fdb8cd", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "130576089680536536344037578514106496567", "124972510390996048002673081655286670014", "304790754760881851060894806698575827324", "112947201565128364641089025777777922660", "39523914723792721698083737087618592613", "143134273395999632632466771533559157311", "134335022737795770251329799216660606953", "21549805784849976879903962811056827916", "226126933156987047440362986053037483724", "134207623260156721310079654572720950563" ] }, "id": "ASB-A-294854926-c9629e24", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 2853.0, "function_hash": "246109971278572293455660786350735293608" }, "id": "ASB-A-294854926-cfc1bb84", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "length": 4510.0, "function_hash": "9157070141791544964759663560233365137" }, "id": "ASB-A-294854926-d615ce60", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "62864883837795556395038769934841282591", "152724950096426265462179098672602977003", "199016575340536779230922651505676499081", "208800338443382568773467122031384533390" ] }, "id": "ASB-A-294854926-f9682595", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9" ], "spl": "2023-12-05", "severity": "Critical", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 3823.0, "function_hash": "64890337561556695552529591354345770620" }, "id": "ASB-A-294854926-62563d58", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_mx_access_request" }, "signature_type": "Function" }, { "digest": { "length": 2779.0, "function_hash": "47862086917595918524314744637140425822" }, "id": "ASB-A-294854926-6d1ea1d6", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "length": 4510.0, "function_hash": "9157070141791544964759663560233365137" }, "id": "ASB-A-294854926-7ac3c165", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "72640883571315974401250223963091742820", "10831332715061995584754754210053003576", "247678602532410717537523742923505432100", "125686806664114597449707522274858443984", "149702862141601733625195210600101596283", "5541387743230517824350027217286894796", "326246543653298477335977389305504641561", "218663247680270114853278597221267139848" ] }, "id": "ASB-A-294854926-8231763f", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "327726614591132955930433172871099717903", "150713718228937724368047022834802500669", "188944822711260041976089381464245873248", "164199376099043487722114674449096514495", "23620032038652460826050081495759217785", "297213598390837072291132050047395006129", "327221696050590702682098809278413926844", "258687265015304540196780716216700072890", "320361581108495589074678686765361193246", "336571227219424925835724995270954847657", "115427643381435667709037331751617952024", "29553329085620064767598501518369690775", "170522308103141478552028082718541408689" ] }, "id": "ASB-A-294854926-863c79ff", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "130576089680536536344037578514106496567", "124972510390996048002673081655286670014", "304790754760881851060894806698575827324", "112947201565128364641089025777777922660", "39523914723792721698083737087618592613", "143134273395999632632466771533559157311", "134335022737795770251329799216660606953", "21549805784849976879903962811056827916", "226126933156987047440362986053037483724", "134207623260156721310079654572720950563" ] }, "id": "ASB-A-294854926-89f29961", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 3144.0, "function_hash": "53983468789301059142697866019089284215" }, "id": "ASB-A-294854926-90a1b3e7", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "length": 4651.0, "function_hash": "215695592036135719644977304772359023020" }, "id": "ASB-A-294854926-92a948a1", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "62864883837795556395038769934841282591", "152724950096426265462179098672602977003", "199016575340536779230922651505676499081", "208800338443382568773467122031384533390" ] }, "id": "ASB-A-294854926-9ab963fc", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "88710778939939341708182668696184595067", "316442034712659710033328952761665050987", "239601478006897628917834495740462975633", "185290641695190860213052543011444003626", "66368683702105953488782220688795689462", "22481806171367450194091711553814426049", "59072545174229000742900569033826009446", "77121349886279935010345127709434548406", "211573699949862158210065507873481000101", "50501308920270220513354876286744260575", "154287669510427265633008105313165446521", "40497840818941502570794969669981540994", "12609281695717453417979954011582625658", "191022934420395666287276243622152618880", "121179739499933830404999192882733450321", "114462787912678077604416508882015537397", "79753896944960809786040229503677631995", "324387921172300633552126393370693173158", "117323551458770150904581659960166190040", "263174241450555514913995875450648538592", "14865090226669659818693850022332333744", "176675532814169278854780150411146545439", "337388328990730320040764338873050589091", "306411892969702854172529488471529543967", "19788115616581493742615304364948347714" ] }, "id": "ASB-A-294854926-b6f3c1fd", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 2990.0, "function_hash": "118553798505122248232926303275660380254" }, "id": "ASB-A-294854926-ccf61271", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9" ], "spl": "2023-12-05", "severity": "Critical", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2853.0, "function_hash": "246109971278572293455660786350735293608" }, "id": "ASB-A-294854926-0edcf7c0", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "62864883837795556395038769934841282591", "152724950096426265462179098672602977003", "199016575340536779230922651505676499081", "208800338443382568773467122031384533390" ] }, "id": "ASB-A-294854926-27d7461b", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 3218.0, "function_hash": "227716039357205455596514507040959899397" }, "id": "ASB-A-294854926-509a6d29", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "length": 3687.0, "function_hash": "43061959119376664686213669205630250217" }, "id": "ASB-A-294854926-68de9477", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_mx_access_request" }, "signature_type": "Function" }, { "digest": { "length": 4510.0, "function_hash": "9157070141791544964759663560233365137" }, "id": "ASB-A-294854926-77f1e02a", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "88710778939939341708182668696184595067", "316442034712659710033328952761665050987", "239601478006897628917834495740462975633", "185290641695190860213052543011444003626", "66368683702105953488782220688795689462", "22481806171367450194091711553814426049", "59072545174229000742900569033826009446", "77121349886279935010345127709434548406", "211573699949862158210065507873481000101", "50501308920270220513354876286744260575", "154287669510427265633008105313165446521", "40497840818941502570794969669981540994", "12609281695717453417979954011582625658", "191022934420395666287276243622152618880", "121179739499933830404999192882733450321", "114462787912678077604416508882015537397", "79753896944960809786040229503677631995", "324387921172300633552126393370693173158", "117323551458770150904581659960166190040", "263174241450555514913995875450648538592", "14865090226669659818693850022332333744", "176675532814169278854780150411146545439", "337388328990730320040764338873050589091", "306411892969702854172529488471529543967", "19788115616581493742615304364948347714" ] }, "id": "ASB-A-294854926-82751d39", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 4651.0, "function_hash": "215695592036135719644977304772359023020" }, "id": "ASB-A-294854926-91dd5294", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_l2cap_access_req_by_requirement" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "72640883571315974401250223963091742820", "10831332715061995584754754210053003576", "247678602532410717537523742923505432100", "125686806664114597449707522274858443984", "149702862141601733625195210600101596283", "5541387743230517824350027217286894796", "326246543653298477335977389305504641561", "218663247680270114853278597221267139848" ] }, "id": "ASB-A-294854926-acbd93ac", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "130576089680536536344037578514106496567", "124972510390996048002673081655286670014", "304790754760881851060894806698575827324", "112947201565128364641089025777777922660", "39523914723792721698083737087618592613", "143134273395999632632466771533559157311", "134335022737795770251329799216660606953", "21549805784849976879903962811056827916", "226126933156987047440362986053037483724", "134207623260156721310079654572720950563" ] }, "id": "ASB-A-294854926-b96aaebe", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" }, { "digest": { "length": 3064.0, "function_hash": "7543547725549122498057745148487987420" }, "id": "ASB-A-294854926-c18f368c", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc", "function": "btm_sec_execute_procedure" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "327726614591132955930433172871099717903", "197930606696217597035208074150621772822", "166794929128900300915561907345180701273", "164199376099043487722114674449096514495", "23620032038652460826050081495759217785", "297213598390837072291132050047395006129", "327221696050590702682098809278413926844", "258687265015304540196780716216700072890", "320361581108495589074678686765361193246", "336571227219424925835724995270954847657", "115427643381435667709037331751617952024", "29553329085620064767598501518369690775", "170522308103141478552028082718541408689" ] }, "id": "ASB-A-294854926-e079b535", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_sec.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9" ], "spl": "2023-12-05", "severity": "Critical", "types": [ "EoP" ] }