In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"185486579480985713112082667811722275236",
"17057568583745171272579259696309426503",
"80774933675077869032302284458860655476",
"115680520510039957212659840251882548952",
"149272764073703809669421546090731542086",
"132375438198367819111153161607144242575",
"186177419848916491106430461256472221809",
"250022138064522366207171179373555795389"
]
},
"id": "ASB-A-375409435-44e33881",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e",
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"length": 1497.0,
"function_hash": "140146735426474515366070883419062745255"
},
"id": "ASB-A-375409435-47499204",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e",
"target": {
"function": "sdp_snd_service_search_req",
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"length": 3689.0,
"function_hash": "308941742199032283269529400827602332500"
},
"id": "ASB-A-375409435-8c0a16e4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e",
"target": {
"function": "process_service_search_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e"
],
"types": [
"RCE"
],
"spl": "2025-03-01",
"severity": "Critical"
}
{
"vanir_signatures": [
{
"digest": {
"length": 1358.0,
"function_hash": "165027032574402723718083216113014457432"
},
"id": "ASB-A-375409435-0c8b0075",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8",
"target": {
"function": "sdp_snd_service_search_req",
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12190546748810153671323829287973396926",
"250063306120409055104865957682659589968",
"14738994624663035747041608733386582070",
"23271983830575734844306478053192221507",
"72564316092330557065769555111629989985",
"167288907091122585214705296993377740906",
"320217447774151956406964022062422034648",
"307622193380667158305078197192178528596"
]
},
"id": "ASB-A-375409435-839ef8ed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8",
"target": {
"file": "system/stack/sdp/sdp_discovery.cc"
}
},
{
"digest": {
"length": 3316.0,
"function_hash": "48886429007938031076324531841910728667"
},
"id": "ASB-A-375409435-ea7c07d0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8",
"target": {
"function": "process_service_search_attr_rsp",
"file": "system/stack/sdp/sdp_discovery.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8"
],
"types": [
"RCE"
],
"spl": "2025-03-01",
"severity": "Critical"
}