ASB-A-364025411
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-364025411.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-364025411
- Aliases
-
- A-364025411
- CVE-2024-49748
- Published
- 2025-01-01T00:00:00Z
- Modified
- 2025-12-03T16:51:34.471699Z
- Summary
- [none]
- Details
-
In gattsprocessprimaryservicereq of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"spl": "2025-01-01",
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a"
],
"types": [
"RCE"
],
"vanir_signatures": [
{
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"73195809151671638912021880081212524930",
"166502590214268424367121578547746522305",
"247706984838498109398675757824649790753",
"315019094983899779418568733552817699748",
"83762924092308347658617299944389919479",
"254902864810161459416971793163088546379",
"196178134462344522814176753984460788197",
"279622060697144804304625180375643630946",
"223477382937635419669272203771965103767",
"1960198259503915119967230187628605704",
"66254350827859887876499744116862209316",
"262806853860335332372772791548586258965",
"150611675201788300272142464243413304173"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"id": "ASB-A-364025411-17a826f7",
"signature_type": "Line"
},
{
"target": {
"function": "gatts_process_primary_service_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1324.0,
"function_hash": "140878766634733266954635798763519620581"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"id": "ASB-A-364025411-3827c5ea",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_read_by_type_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1717.0,
"function_hash": "248491112306616213556074563010930516473"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"id": "ASB-A-364025411-3ff0fad8",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_read_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1157.0,
"function_hash": "69665958368321808384825513943432689445"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"id": "ASB-A-364025411-b43efdf5",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_find_info",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1017.0,
"function_hash": "324626715642112619947952676342156858113"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
"deprecated": false,
"id": "ASB-A-364025411-ba6220ee",
"signature_type": "Function"
}
]
}platform/system/bt
Package
- Name
- platform/system/bt
platform/system/bt
Package
- Name
- platform/system/bt
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"spl": "2025-01-01",
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907"
],
"types": [
"RCE"
],
"vanir_signatures": [
{
"target": {
"function": "gatts_process_read_by_type_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1709.0,
"function_hash": "59907721387275796891791880982636164831"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-80714ab1",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_find_info",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1013.0,
"function_hash": "268512766584913294539741796509741126456"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-83af7302",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_read_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1228.0,
"function_hash": "10210466590019957247735252267736265287"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-a0478448",
"signature_type": "Function"
},
{
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"196188171440176825939806200179255172593",
"1343846276710123130481317655775445976",
"162707953477914375301304852354564105157",
"237632184094319759594373126038928156",
"73412303094902604806141279010004724322",
"213793042301422949472188878356196466428",
"274459867152185406121724678773523115431",
"192696816679659929020304638215736036804",
"133504366274441222416588714725015718987",
"21203466509074868465527884809617529072",
"194708559555065354067195318099669152827",
"318666791156319226780322955888919039055",
"244954544663744206864763512961316080849"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-ab8983b1",
"signature_type": "Line"
},
{
"target": {
"function": "gatts_process_primary_service_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1372.0,
"function_hash": "295457614205376007172365195382679517796"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-b03cbff8",
"signature_type": "Function"
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"spl": "2025-01-01",
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907"
],
"types": [
"RCE"
],
"vanir_signatures": [
{
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"196188171440176825939806200179255172593",
"1343846276710123130481317655775445976",
"162707953477914375301304852354564105157",
"237632184094319759594373126038928156",
"73412303094902604806141279010004724322",
"213793042301422949472188878356196466428",
"274459867152185406121724678773523115431",
"192696816679659929020304638215736036804",
"133504366274441222416588714725015718987",
"21203466509074868465527884809617529072",
"194708559555065354067195318099669152827",
"318666791156319226780322955888919039055",
"244954544663744206864763512961316080849"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-191eca3b",
"signature_type": "Line"
},
{
"target": {
"function": "gatts_process_read_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1228.0,
"function_hash": "10210466590019957247735252267736265287"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-44e14824",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_find_info",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1013.0,
"function_hash": "268512766584913294539741796509741126456"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-4638b31c",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_read_by_type_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1709.0,
"function_hash": "59907721387275796891791880982636164831"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-ace40604",
"signature_type": "Function"
},
{
"target": {
"function": "gatts_process_primary_service_req",
"file": "system/stack/gatt/gatt_sr.cc"
},
"signature_version": "v1",
"digest": {
"length": 1372.0,
"function_hash": "295457614205376007172365195382679517796"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
"deprecated": false,
"id": "ASB-A-364025411-c96609ee",
"signature_type": "Function"
}
]
}