ASB-A-323850943
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-323850943.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-323850943
- Aliases
-
- A-323850943
- CVE-2024-43096
- Published
- 2025-01-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In buildreadmultirsp of gattsr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f"
],
"spl": "2025-01-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-1b068b74"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-727979f1"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cad927034a371b82a4a07a16ec442eb261f6153f",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"function_hash": "189499681506240789787627312582502714293",
"length": 2004.0
},
"signature_type": "Function",
"id": "ASB-A-323850943-778d3873"
}
],
"types": [
"RCE"
]
}platform/system/bt
platform/system/bt
platform/packages/modules/Bluetooth
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48"
],
"spl": "2025-01-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"function_hash": "232795977407513798786932719878707408517",
"length": 2044.0
},
"signature_type": "Function",
"id": "ASB-A-323850943-6a4659a3"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-912ba8bd"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-dddab008"
}
],
"types": [
"RCE"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48"
],
"spl": "2025-01-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"28540336744497903520400251666372907305",
"86831248994667678226772388699402668801",
"30989956938485687381134677525868900142"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-3097b1ae"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
},
"deprecated": false,
"digest": {
"function_hash": "232795977407513798786932719878707408517",
"length": 2044.0
},
"signature_type": "Function",
"id": "ASB-A-323850943-477106bc"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e5ab6c617683a00c4e2996f1bc15c4c6e7f70f48",
"target": {
"file": "system/stack/eatt/eatt.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"78285213672218947306208345211655983105",
"183433225229324617196135444544056191152",
"219600331381263172774379618387353468820",
"44643297489575056203030606925251196432"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-323850943-e1ee1b50"
}
],
"types": [
"RCE"
]
}