ASB-A-323850943
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-323850943.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-323850943
- Aliases
-
- A-323850943
- CVE-2024-43096
- Published
- 2025-01-01T00:00:00Z
- Modified
- 2025-01-13T21:12:09.098719Z
- Summary
- [none]
- Details
-
In buildreadmultirsp of gattsr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"15-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
]
},
"id": "ASB-A-323850943-1b068b74",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"15-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
]
},
"id": "ASB-A-323850943-727979f1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"15-next"
],
"digest": {
"length": 2004.0,
"function_hash": "189499681506240789787627312582502714293"
},
"id": "ASB-A-323850943-778d3873",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "build_read_multi_rsp"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f"
],
"spl": "2025-01-01",
"severity": "Critical",
"types": [
"RCE"
]
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 2044.0,
"function_hash": "232795977407513798786932719878707408517"
},
"id": "ASB-A-323850943-6a4659a3",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "build_read_multi_rsp"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
]
},
"id": "ASB-A-323850943-912ba8bd",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
]
},
"id": "ASB-A-323850943-dddab008",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48"
],
"spl": "2025-01-01",
"severity": "Critical",
"types": [
"RCE"
]
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
]
},
"id": "ASB-A-323850943-3097b1ae",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_type": "Line"
},
{
"digest": {
"length": 2044.0,
"function_hash": "232795977407513798786932719878707408517"
},
"id": "ASB-A-323850943-477106bc",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "build_read_multi_rsp"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"14"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
]
},
"id": "ASB-A-323850943-e1ee1b50",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48"
],
"spl": "2025-01-01",
"severity": "Critical",
"types": [
"RCE"
]
}