ASB-A-374746961
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-374746961.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-374746961
- Aliases
-
- A-374746961
- CVE-2025-48593
- Published
- 2025-11-01T00:00:00Z
- Modified
- 2025-11-05T16:30:26.460762Z
- Summary
- [none]
- Details
-
In btahfclientcbinit of btahfclient_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-11-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "107145133131574323980814093626681838473",
"length": 3726.0
},
"target": {
"function": "process_service_search_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-374746961-0e6ffe0c",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"112021377856580551342925629428490151059",
"30112681536051398625177216803906424137",
"12438847941183059645245926359669460603",
"317394253551519436069397578682271416074"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-21ca76fd",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b8153e05d0b9224feb0ace8c24eeeadc80e4dffc",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"238804026459895453022913362086056890205",
"278263052649932044669483512920124165617",
"288555408591286364727192790415508178976",
"310239700993686457384113902038759571576",
"140148350515235154336719368798111519292"
]
},
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-374746961-29ac221d",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "58992582756399090722116609625383750269",
"length": 363.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-3a60a8e0",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b8153e05d0b9224feb0ace8c24eeeadc80e4dffc",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69891922723882410243655355263612687878",
"56173627238953161318044190149834911610",
"196350850735753420233486329339095753372",
"45045635631960233752973807711477206008",
"154508099774817316785668635488472156498"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-5172bc8b",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "7602246884007681727179432016334213402",
"length": 1747.0
},
"target": {
"function": "bta_hf_client_do_disc",
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-374746961-57070070",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "229622808918631679597329310342793922823",
"length": 708.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-a6512d56",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"214139034142327915822072969261211902385",
"89198987951694386994374981713156137678",
"275455677005498114417438064572795189666",
"5518885018645912677899697861766934015",
"309146401325579449020992180879533876831"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-374746961-f753ca8d",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762",
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b8153e05d0b9224feb0ace8c24eeeadc80e4dffc",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ba1083bc3d6f8a4badf9dbbb039d404f019d3762"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-11-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"30112681536051398625177216803906424137",
"12438847941183059645245926359669460603",
"317394253551519436069397578682271416074"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-6894a181",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a9518fe2c686de00320981567a2667de490de903",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "58992582756399090722116609625383750269",
"length": 363.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-9ff9bc46",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a9518fe2c686de00320981567a2667de490de903",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a9518fe2c686de00320981567a2667de490de903"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-11-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "39330477219114763862282159697897214578",
"length": 3688.0
},
"target": {
"function": "process_service_search_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-374746961-1e05f2da",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "61077456274194582509773685081088371368",
"length": 701.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-57afee31",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"214139034142327915822072969261211902385",
"89198987951694386994374981713156137678",
"275455677005498114417438064572795189666",
"5518885018645912677899697861766934015",
"309146401325579449020992180879533876831"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-374746961-69aaafc1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69891922723882410243655355263612687878",
"56173627238953161318044190149834911610",
"196350850735753420233486329339095753372",
"45045635631960233752973807711477206008",
"154508099774817316785668635488472156498"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-74996092",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"238804026459895453022913362086056890205",
"278263052649932044669483512920124165617",
"288555408591286364727192790415508178976",
"310239700993686457384113902038759571576",
"140148350515235154336719368798111519292"
]
},
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
},
"id": "ASB-A-374746961-a8e13539",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "7602246884007681727179432016334213402",
"length": 1747.0
},
"target": {
"function": "bta_hf_client_do_disc",
"file": "system/bta/hf_client/bta_hf_client_sdp.cc"
},
"id": "ASB-A-374746961-f3ee83e2",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6649ae8e46295770fc7612f49e00e8fdf23893fb"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-11-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "64371983548356079783213996724393721879",
"length": 370.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-969e0308",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6c84125d5b048d05a24b9805e5d3792edd8e5629",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"30112681536051398625177216803906424137",
"12438847941183059645245926359669460603",
"317394253551519436069397578682271416074"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-f02df084",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6c84125d5b048d05a24b9805e5d3792edd8e5629",
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6c84125d5b048d05a24b9805e5d3792edd8e5629"
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"spl": "2025-11-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "64371983548356079783213996724393721879",
"length": 370.0
},
"target": {
"function": "bta_hf_client_cb_init",
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-31754383",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5982fb459df4d62606ab21582a6f53c926f7bb2c",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"30112681536051398625177216803906424137",
"12438847941183059645245926359669460603",
"317394253551519436069397578682271416074"
]
},
"target": {
"file": "system/bta/hf_client/bta_hf_client_main.cc"
},
"id": "ASB-A-374746961-8178f6bb",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5982fb459df4d62606ab21582a6f53c926f7bb2c",
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5982fb459df4d62606ab21582a6f53c926f7bb2c"
]
}