ASB-A-375396810
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-375396810.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-375396810
- Aliases
-
- A-375396810
- CVE-2025-22407
- Published
- 2025-03-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In hiddcheckconfigdone of hiddconn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 2448.0,
"function_hash": "211682704352143239582969659138051468098"
},
"id": "ASB-A-375396810-14a28aa1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "process_service_search",
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"286492870679602804280964940989204901945",
"67110201630402263891771703272658454172",
"256109504533161345568861341919688005179",
"134700917868465397091104271083321682710",
"150656896105989019014209336970868281653",
"242968755299909932195285964837982845832",
"160892530356149352026281647557871454263",
"220186030684688752703802123991787488089"
]
},
"id": "ASB-A-375396810-25c463de",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/rfcomm/rfc_ts_frames.cc"
}
},
{
"digest": {
"length": 5816.0,
"function_hash": "310920675969930511777141851498808176379"
},
"id": "ASB-A-375396810-2b94d904",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "process_service_attr_req",
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"length": 2674.0,
"function_hash": "205347561901463235834401272257821673301"
},
"id": "ASB-A-375396810-3926e970",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "process_service_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142600366915217162261739578436175484793",
"255299789667415803693575933947461572783",
"106632307121245935338573268112607750018",
"269772223161259960096375348066468600541",
"269372604943126953834979591812938494537",
"144707340389045496811475387088503090325",
"121496720903623348799813417725012027760",
"317626365540118766860480187588170966381"
]
},
"id": "ASB-A-375396810-505f7b27",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"length": 602.0,
"function_hash": "75580304012516946551019259548117278475"
},
"id": "ASB-A-375396810-5ccf29e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "hidd_check_config_done",
"file": "system/stack/hid/hidd_conn.cc"
}
},
{
"digest": {
"length": 677.0,
"function_hash": "12673076343507638312812824653104382089"
},
"id": "ASB-A-375396810-65da7ada",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "bnepu_check_send_packet",
"file": "system/stack/bnep/bnep_utils.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"149272764073703809669421546090731542086",
"132375438198367819111153161607144242575",
"186177419848916491106430461256472221809",
"173774141378478538531125887402733948298"
]
},
"id": "ASB-A-375396810-7a2462c1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"length": 1581.0,
"function_hash": "298131935973619507107049381436297318889"
},
"id": "ASB-A-375396810-7c1040b7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "avct_lcb_msg_ind",
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"74641538914346852857267348249740164903",
"293395952620485091978881415781896805742",
"266579781076762653552747380862386612904",
"310074054473201161610099806162878752225",
"42250379856589024969395104863387963094",
"1836413212261462881434922511270017843",
"339312077979917122918925805090104541575"
]
},
"id": "ASB-A-375396810-7ca19e21",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/rfcomm/rfc_utils.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"71016669386664999699571887293822839632",
"158418248385361645084367451181786161370",
"111150459039969148351689205583351752605",
"296544364640014085120524446797662561862",
"314269659719338931261932183198514959018",
"85671645750158290750940906116145001785",
"278689253255781974557001976675962955782",
"246299187267508569837624111916129823843"
]
},
"id": "ASB-A-375396810-7ff5ab72",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/bnep/bnep_utils.cc"
}
},
{
"digest": {
"length": 676.0,
"function_hash": "253678056635035088504033523220752328234"
},
"id": "ASB-A-375396810-99e92726",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "rfc_check_send_cmd",
"file": "system/stack/rfcomm/rfc_utils.cc"
}
},
{
"digest": {
"length": 1251.0,
"function_hash": "91424337111038413579272907700077040308"
},
"id": "ASB-A-375396810-a1f3b7a5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "rfc_send_buf_uih",
"file": "system/stack/rfcomm/rfc_ts_frames.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"278719654710964618101210848754009275059",
"49885897274829998276364004515720726758",
"213786969092065232671792541435749925905",
"262713393390953510170728638432178916805",
"137174571306154522262397846868544064959",
"28344529003624627703427290036788761406",
"220186030684688752703802123991787488089"
]
},
"id": "ASB-A-375396810-a49c699b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/bnep/bnep_main.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"21449444399169415137039231101742242443",
"60515099035128252460509346087551164686",
"254748262588180354977847863067803374759",
"6413842235703169635818426872924502154",
"21449444399169415137039231101742242443",
"60515099035128252460509346087551164686",
"254748262588180354977847863067803374759",
"312620671144370223027810779677125236580"
]
},
"id": "ASB-A-375396810-d9d36144",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"128323925956333047702747552450695125822",
"253537584789621024230809936703314682988",
"126526341276163702897146843989459870879",
"109389038437024207784949494393571815066",
"174444684524383211097674842390477420011",
"275284755790749135861706596144142952317",
"123851060640754868022270066786042676363",
"65495981240995975797575921080681322630"
]
},
"id": "ASB-A-375396810-ebe093a2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"file": "system/stack/hid/hidd_conn.cc"
}
},
{
"digest": {
"length": 900.0,
"function_hash": "41505479305311525475484895086379786917"
},
"id": "ASB-A-375396810-f2fae6b7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce",
"target": {
"function": "bnep_congestion_ind",
"file": "system/stack/bnep/bnep_main.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/00555617ddbbc1a19089104c084d14f465c971ce"
],
"types": [
"ID"
],
"spl": "2025-03-01",
"severity": "High"
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 617.0,
"function_hash": "321200814064128877042672082823264823858"
},
"id": "ASB-A-375396810-04d03211",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "rfc_check_send_cmd",
"file": "system/stack/rfcomm/rfc_utils.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"91418632319498322876677883531524763797",
"9566919150869272321742117416091613434",
"254748262588180354977847863067803374759",
"95705185445191313933742018616909606092",
"91418632319498322876677883531524763797",
"9566919150869272321742117416091613434",
"254748262588180354977847863067803374759",
"192087470961399380878501811772055348289"
]
},
"id": "ASB-A-375396810-2aea7575",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"length": 1196.0,
"function_hash": "97950963671516076722907839761488627701"
},
"id": "ASB-A-375396810-47cdd9bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "rfc_send_buf_uih",
"file": "system/stack/rfcomm/rfc_ts_frames.cc"
}
},
{
"digest": {
"length": 5998.0,
"function_hash": "73697139206039476712285903623227021937"
},
"id": "ASB-A-375396810-6d42be5f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "process_service_attr_req",
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299451248804576891787932252786131493340",
"192083520513499272022928318348902377499",
"79511065831158490707500604246310708319",
"304762324907287739139098819688307468929",
"195168152284684033935047996135140923235",
"1836413212261462881434922511270017843",
"310857444648749042189900469046990731281"
]
},
"id": "ASB-A-375396810-7a411eb4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/rfcomm/rfc_utils.cc"
}
},
{
"digest": {
"length": 2544.0,
"function_hash": "135461965972903847797979952307998347766"
},
"id": "ASB-A-375396810-7dcb9945",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "process_service_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"length": 2294.0,
"function_hash": "46563877092635324401260374702719991207"
},
"id": "ASB-A-375396810-860cf7ea",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "process_service_search",
"file": "system/stack/sdp/sdp_server.cc"
}
},
{
"digest": {
"length": 622.0,
"function_hash": "285997084590554510617268480406656919495"
},
"id": "ASB-A-375396810-9ad5621e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "bnepu_check_send_packet",
"file": "system/stack/bnep/bnep_utils.cc"
}
},
{
"digest": {
"length": 1505.0,
"function_hash": "67090635879745761987134938786039020001"
},
"id": "ASB-A-375396810-9c4f8733",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "avct_lcb_msg_ind",
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"250317447892411460895860938264291182803",
"167288907091122585214705296993377740906",
"320217447774151956406964022062422034648",
"307622193380667158305078197192178528596"
]
},
"id": "ASB-A-375396810-a3166250",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"286492870679602804280964940989204901945",
"211254896647837242848190817971513218553",
"207085936720236288918878956511547821502",
"129281804899115056214162404989653148181",
"321023820521853794160621058226240787268",
"160892530356149352026281647557871454263",
"64009599396143373018022061541708527060"
]
},
"id": "ASB-A-375396810-a4832bd8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/rfcomm/rfc_ts_frames.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"308105771725349232725393550909388403893",
"73734462354003377920339872300758312218",
"310280735229051794442434446013687597567",
"148345859783989005339004394524836323283",
"118296014518729984433001555325446521922",
"123851060640754868022270066786042676363",
"65495981240995975797575921080681322630"
]
},
"id": "ASB-A-375396810-ad7c336a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/hid/hidd_conn.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"6307759565825593520286495790524229088",
"93877622375622581870259841540856315783",
"195524062534868238641192477062326844709",
"74636732666957017306843496165923802965",
"28344529003624627703427290036788761406",
"257411923728504995207558690776844541915"
]
},
"id": "ASB-A-375396810-e1180a62",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/bnep/bnep_main.cc"
}
},
{
"digest": {
"length": 547.0,
"function_hash": "332861680645930691677172432150399466399"
},
"id": "ASB-A-375396810-e17bc2e2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "hidd_check_config_done",
"file": "system/stack/hid/hidd_conn.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"71016669386664999699571887293822839632",
"231332232310912185559397053349975538853",
"182891246110962140004651294886308711034",
"23651705840465111356864563930574067669",
"227799907781282079513939111739443978695",
"278689253255781974557001976675962955782",
"24999513775547359467003169758767546009"
]
},
"id": "ASB-A-375396810-eb2f47f0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/bnep/bnep_utils.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142600366915217162261739578436175484793",
"244890001589744207766774534847751829751",
"75374273305427944043031912133923820740",
"295105858449008142926915246922824497309",
"54354794193376802653588396451067552222",
"258256200696726803040811278432971517861",
"105993498725994113530876733006184989955"
]
},
"id": "ASB-A-375396810-f3ffebe3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"file": "system/stack/avct/avct_lcb_act.cc"
}
},
{
"digest": {
"length": 841.0,
"function_hash": "304391834931304677978747202437246195863"
},
"id": "ASB-A-375396810-f926d9d6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda",
"target": {
"function": "bnep_congestion_ind",
"file": "system/stack/bnep/bnep_main.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/43cfd234de9ba9557118b0014513269cc1aeefda"
],
"types": [
"ID"
],
"spl": "2025-03-01",
"severity": "High"
}