ASB-A-364025411
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-364025411.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-364025411
- Aliases
-
- A-364025411
- CVE-2024-49748
- Published
- 2025-01-01T00:00:00Z
- Modified
- 2025-01-13T21:12:09.620061Z
- Summary
- [none]
- Details
-
In gattsprocessprimaryservicereq of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"73195809151671638912021880081212524930",
"166502590214268424367121578547746522305",
"247706984838498109398675757824649790753",
"315019094983899779418568733552817699748",
"83762924092308347658617299944389919479",
"254902864810161459416971793163088546379",
"196178134462344522814176753984460788197",
"279622060697144804304625180375643630946",
"223477382937635419669272203771965103767",
"1960198259503915119967230187628605704",
"66254350827859887876499744116862209316",
"262806853860335332372772791548586258965",
"150611675201788300272142464243413304173"
]
},
"id": "ASB-A-364025411-17a826f7",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"15-next"
],
"digest": {
"length": 1324.0,
"function_hash": "140878766634733266954635798763519620581"
},
"id": "ASB-A-364025411-3827c5ea",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "gatts_process_primary_service_req"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1717.0,
"function_hash": "248491112306616213556074563010930516473"
},
"id": "ASB-A-364025411-3ff0fad8",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "gatts_process_read_by_type_req"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1157.0,
"function_hash": "69665958368321808384825513943432689445"
},
"id": "ASB-A-364025411-b43efdf5",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "gatts_process_read_req"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1017.0,
"function_hash": "324626715642112619947952676342156858113"
},
"id": "ASB-A-364025411-ba6220ee",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "system/stack/gatt/gatt_sr.cc",
"function": "gatts_process_find_info"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a"
],
"spl": "2025-01-01",
"severity": "Critical",
"types": [
"RCE"
]
}