ASB-A-364026473

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-364026473.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-364026473
Aliases
  • A-364026473
  • CVE-2024-43770
Published
2025-01-01T00:00:00Z
Modified
2025-02-06T03:34:06Z
Summary
[none]
Details

In gattsprocessfindinfo of gattsr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-01-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "73195809151671638912021880081212524930",
                    "166502590214268424367121578547746522305",
                    "247706984838498109398675757824649790753",
                    "315019094983899779418568733552817699748",
                    "83762924092308347658617299944389919479",
                    "254902864810161459416971793163088546379",
                    "196178134462344522814176753984460788197",
                    "279622060697144804304625180375643630946",
                    "223477382937635419669272203771965103767",
                    "1960198259503915119967230187628605704",
                    "66254350827859887876499744116862209316",
                    "262806853860335332372772791548586258965",
                    "150611675201788300272142464243413304173"
                ]
            },
            "id": "ASB-A-364026473-17a826f7",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1324.0,
                "function_hash": "140878766634733266954635798763519620581"
            },
            "id": "ASB-A-364026473-3827c5ea",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_primary_service_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1717.0,
                "function_hash": "248491112306616213556074563010930516473"
            },
            "id": "ASB-A-364026473-3ff0fad8",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_by_type_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1157.0,
                "function_hash": "69665958368321808384825513943432689445"
            },
            "id": "ASB-A-364026473-b43efdf5",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1017.0,
                "function_hash": "324626715642112619947952676342156858113"
            },
            "id": "ASB-A-364026473-ba6220ee",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_find_info"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7de5617f7d5266fe57c990c428621b5d4e92728a"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2025-01-01

Affected versions

Other

12

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/7e5f45df8880293e1ab40367670d1a8959a542f9"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2025-01-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/7e5f45df8880293e1ab40367670d1a8959a542f9"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-01-01

Affected versions

Other

15

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/84ea459acaf3c6e7215e044e59dc3e9187f1f7b8"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-01-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1709.0,
                "function_hash": "59907721387275796891791880982636164831"
            },
            "id": "ASB-A-364026473-80714ab1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_by_type_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1013.0,
                "function_hash": "268512766584913294539741796509741126456"
            },
            "id": "ASB-A-364026473-83af7302",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_find_info"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1228.0,
                "function_hash": "10210466590019957247735252267736265287"
            },
            "id": "ASB-A-364026473-a0478448",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "196188171440176825939806200179255172593",
                    "1343846276710123130481317655775445976",
                    "162707953477914375301304852354564105157",
                    "237632184094319759594373126038928156",
                    "73412303094902604806141279010004724322",
                    "213793042301422949472188878356196466428",
                    "274459867152185406121724678773523115431",
                    "192696816679659929020304638215736036804",
                    "133504366274441222416588714725015718987",
                    "21203466509074868465527884809617529072",
                    "194708559555065354067195318099669152827",
                    "318666791156319226780322955888919039055",
                    "244954544663744206864763512961316080849"
                ]
            },
            "id": "ASB-A-364026473-ab8983b1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1372.0,
                "function_hash": "295457614205376007172365195382679517796"
            },
            "id": "ASB-A-364026473-b03cbff8",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_primary_service_req"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-01-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "196188171440176825939806200179255172593",
                    "1343846276710123130481317655775445976",
                    "162707953477914375301304852354564105157",
                    "237632184094319759594373126038928156",
                    "73412303094902604806141279010004724322",
                    "213793042301422949472188878356196466428",
                    "274459867152185406121724678773523115431",
                    "192696816679659929020304638215736036804",
                    "133504366274441222416588714725015718987",
                    "21203466509074868465527884809617529072",
                    "194708559555065354067195318099669152827",
                    "318666791156319226780322955888919039055",
                    "244954544663744206864763512961316080849"
                ]
            },
            "id": "ASB-A-364026473-191eca3b",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1228.0,
                "function_hash": "10210466590019957247735252267736265287"
            },
            "id": "ASB-A-364026473-44e14824",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1013.0,
                "function_hash": "268512766584913294539741796509741126456"
            },
            "id": "ASB-A-364026473-4638b31c",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_find_info"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1709.0,
                "function_hash": "59907721387275796891791880982636164831"
            },
            "id": "ASB-A-364026473-ace40604",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_read_by_type_req"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1372.0,
                "function_hash": "295457614205376007172365195382679517796"
            },
            "id": "ASB-A-364026473-c96609ee",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/gatt/gatt_sr.cc",
                "function": "gatts_process_primary_service_req"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2fc3087b9ac3019518c6ceb8a64d181d6bb04907"
    ],
    "spl": "2025-01-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}