In smpprocsecreq of smpact.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f20a759c149b739f8dfc3790287ad1b954115c18" ], "severity": "High", "types": [ "ID" ], "spl": "2024-03-01", "vanir_signatures": [ { "target": { "file": "system/stack/smp/smp_act.cc", "function": "smp_proc_sec_req" }, "id": "ASB-A-300903400-24c830f9", "deprecated": false, "digest": { "function_hash": "318216611240446292738758200872593789098", "length": 1057.0 }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f20a759c149b739f8dfc3790287ad1b954115c18", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "system/stack/smp/smp_act.cc" }, "id": "ASB-A-300903400-d89584bd", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "68935296598475382429362722327325645352", "324763877670166220684932851905200955893", "55483643642204500388893954441248006011", "258959201356652833291423250563927550339" ] }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f20a759c149b739f8dfc3790287ad1b954115c18", "signature_type": "Line", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91" ], "severity": "High", "types": [ "ID" ], "spl": "2024-03-01", "vanir_signatures": [ { "target": { "file": "system/stack/smp/smp_act.cc" }, "id": "ASB-A-300903400-30a98fd7", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "68935296598475382429362722327325645352", "324763877670166220684932851905200955893", "55483643642204500388893954441248006011", "258959201356652833291423250563927550339" ] }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "system/stack/smp/smp_act.cc", "function": "smp_proc_sec_req" }, "id": "ASB-A-300903400-76e4bf8b", "deprecated": false, "digest": { "function_hash": "222252477408246620080554891409417581317", "length": 1052.0 }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91", "signature_type": "Function", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91" ], "severity": "High", "types": [ "ID" ], "spl": "2024-03-01", "vanir_signatures": [ { "target": { "file": "system/stack/smp/smp_act.cc", "function": "smp_proc_sec_req" }, "id": "ASB-A-300903400-8ce7c1c8", "deprecated": false, "digest": { "function_hash": "222252477408246620080554891409417581317", "length": 1052.0 }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "system/stack/smp/smp_act.cc" }, "id": "ASB-A-300903400-cf76f0fc", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "68935296598475382429362722327325645352", "324763877670166220684932851905200955893", "55483643642204500388893954441248006011", "258959201356652833291423250563927550339" ] }, "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a4704e7519d0a02c1caf8b4d8ed874bc201a4b91", "signature_type": "Line", "signature_version": "v1" } ] }