ASB-A-380091558
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-380091558.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-380091558
- Aliases
-
- A-380091558
- CVE-2026-0045
- Published
- 2026-06-01T00:00:00Z
- Modified
- 2026-06-16T15:04:57.126039127Z
- Summary
- [none]
- Details
-
In btajvrfcommconnect of btajv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/dc64fbcebd089d82075ca5c26144ba3933189198",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3cce3201a64ebe5806fa0842ea0475ee68ed8910",
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b779276319f462e9a1f61e97375d78c219188813"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc",
"function": "bta_jv_rfcomm_connect"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3cce3201a64ebe5806fa0842ea0475ee68ed8910",
"digest": {
"function_hash": "155286932709982901211941271820606969643",
"length": 2536.0
},
"id": "ASB-A-380091558-186b8869",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-380091558-48ac0e80",
"target": {
"file": "system/bta/jv/bta_jv_act.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3cce3201a64ebe5806fa0842ea0475ee68ed8910",
"deprecated": false,
"digest": {
"line_hashes": [
"163089759142127586588324651590170982536",
"185362144492042389778852082534923951970",
"299146049654932286679684252146538042477",
"245884674148920163474875848464493141963",
"136040404144856022676109285507470382523",
"268118490558179745562183388433856193629"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc",
"function": "bta_jv_rfcomm_connect"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b779276319f462e9a1f61e97375d78c219188813",
"digest": {
"function_hash": "204053646215637187823523884420175504269",
"length": 2703.0
},
"id": "ASB-A-380091558-8bb3d7c0"
},
{
"id": "ASB-A-380091558-a4061015",
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3cce3201a64ebe5806fa0842ea0475ee68ed8910",
"deprecated": false,
"digest": {
"line_hashes": [
"36467356241797826191898883367551871260",
"56136246635340542338900908325101208086",
"161240907973227795362103879973783025578",
"147497994970655261063710976720259643055",
"75711844978771333906290175064275198363"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "security_upgrade_possible"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b779276319f462e9a1f61e97375d78c219188813",
"digest": {
"function_hash": "101682431887460014955467766976799533419",
"length": 1174.0
},
"id": "ASB-A-380091558-aea61c86",
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b779276319f462e9a1f61e97375d78c219188813",
"signature_version": "v1",
"digest": {
"line_hashes": [
"90471395965423210681952246547087295692",
"27781841517194712170158012037962339692",
"35057174028523569150016769575442611538",
"56041625589179657681109765112930699790"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-af6208a6",
"signature_type": "Line"
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "274122828002331870840220504248638420514",
"length": 687.0
},
"id": "ASB-A-380091558-af711ec1",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/dc64fbcebd089d82075ca5c26144ba3933189198"
},
{
"id": "ASB-A-380091558-d1fc6bfc",
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "305930527144224377311387077425957054761",
"length": 899.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3cce3201a64ebe5806fa0842ea0475ee68ed8910",
"deprecated": false
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/dc64fbcebd089d82075ca5c26144ba3933189198",
"digest": {
"line_hashes": [
"120407114186603007367964648596233065001",
"295577149032350445791988965255135284322",
"254243829210005822855742074596367004964",
"137214708186747992469385985530262358601"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-e95c3352"
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"46606172614049027696061413510971695463",
"272121945295733399691280914139180258751",
"222111781212807861444150640071854510049",
"176747255395535273579322723197938636552",
"36260336491784744904286958358995918941",
"110450424347802099704304950361096992239",
"4307573920395523246659933960998931260",
"158627482189286232155870192643481704641"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b779276319f462e9a1f61e97375d78c219188813",
"id": "ASB-A-380091558-f67789ef"
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/48eb145c9c8a94f863070804175fbf6fb355f8a1"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "274122828002331870840220504248638420514",
"length": 687.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/48eb145c9c8a94f863070804175fbf6fb355f8a1",
"id": "ASB-A-380091558-3bccfd8f"
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc",
"function": "bta_jv_rfcomm_connect"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/48eb145c9c8a94f863070804175fbf6fb355f8a1",
"digest": {
"function_hash": "246045453329049868580318585678768559258",
"length": 2061.0
},
"id": "ASB-A-380091558-67b8eb8b"
},
{
"id": "ASB-A-380091558-923af5e8",
"target": {
"file": "system/bta/jv/bta_jv_act.cc"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"176913036312087856290174883664458960371",
"113340985784923630287529885877617535971",
"202448637744410902751492056312456746846",
"275534395085438161233861307059525226785",
"36260336491784744904286958358995918941",
"23877576667889797770546918605184706865",
"281051978401748001198361444312995006964",
"190840697624440987151310311024691265897"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/48eb145c9c8a94f863070804175fbf6fb355f8a1",
"deprecated": false
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/48eb145c9c8a94f863070804175fbf6fb355f8a1",
"digest": {
"line_hashes": [
"233362710700459780504517130873991310009",
"295577149032350445791988965255135284322",
"193844408726808641575351268183180026652",
"144777473879179858286456976737090791735"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-ff9df06f"
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678f1a3dbc1e7b2d53063db7f5fab11c5e6d60e5"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"163089759142127586588324651590170982536",
"185362144492042389778852082534923951970",
"299146049654932286679684252146538042477",
"245884674148920163474875848464493141963",
"136040404144856022676109285507470382523",
"268118490558179745562183388433856193629"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-2415e0bb",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678f1a3dbc1e7b2d53063db7f5fab11c5e6d60e5"
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678f1a3dbc1e7b2d53063db7f5fab11c5e6d60e5",
"digest": {
"line_hashes": [
"215369280184950385639233795273626289244",
"123762443989841725281814036488747174660",
"139217334984071104976834635057496087848",
"280944670912963734861279569564561083451",
"78603257810396034880921856202660379658"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-2dabccf8"
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc",
"function": "bta_jv_rfcomm_connect"
},
"signature_type": "Function",
"digest": {
"function_hash": "131584299728825188974439019170440586434",
"length": 2476.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678f1a3dbc1e7b2d53063db7f5fab11c5e6d60e5",
"id": "ASB-A-380091558-a2b97a37"
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "315082393967161614135416274559428622968",
"length": 908.0
},
"id": "ASB-A-380091558-ef254589",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678f1a3dbc1e7b2d53063db7f5fab11c5e6d60e5"
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/256b0e3a78e854a6796dbadebbf118141ae1248f"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "32332222465326117345079343273979226050",
"length": 910.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/256b0e3a78e854a6796dbadebbf118141ae1248f",
"id": "ASB-A-380091558-033993d2"
},
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/256b0e3a78e854a6796dbadebbf118141ae1248f",
"digest": {
"line_hashes": [
"165023310979350278205374289448802898061",
"36467356241797826191898883367551871260",
"56136246635340542338900908325101208086",
"161240907973227795362103879973783025578",
"147497994970655261063710976720259643055",
"75711844978771333906290175064275198363"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-2df0c40e"
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"163089759142127586588324651590170982536",
"185362144492042389778852082534923951970",
"299146049654932286679684252146538042477",
"245884674148920163474875848464493141963",
"136040404144856022676109285507470382523",
"268118490558179745562183388433856193629"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-4e9b52b6",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/256b0e3a78e854a6796dbadebbf118141ae1248f"
},
{
"deprecated": false,
"target": {
"file": "system/bta/jv/bta_jv_act.cc",
"function": "bta_jv_rfcomm_connect"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/256b0e3a78e854a6796dbadebbf118141ae1248f",
"digest": {
"function_hash": "155286932709982901211941271820606969643",
"length": 2536.0
},
"id": "ASB-A-380091558-fa832d64",
"signature_type": "Function",
"signature_version": "v1"
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/92611bfc4d26f510490144f781662ccfc3da218e"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "system/stack/btm/btm_sec.cc"
},
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/92611bfc4d26f510490144f781662ccfc3da218e",
"digest": {
"line_hashes": [
"267459501589051675215419896866954098335",
"295577149032350445791988965255135284322",
"289387393266665082225386809668131775522",
"173461564977394523606803925134916891532"
],
"threshold": 0.9
},
"id": "ASB-A-380091558-319f916e",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-380091558-3551fae5",
"target": {
"file": "system/stack/btm/btm_sec.cc",
"function": "btm_sec_is_upgrade_possible"
},
"signature_type": "Function",
"digest": {
"function_hash": "42472635585583247353873066506413861035",
"length": 621.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/92611bfc4d26f510490144f781662ccfc3da218e",
"deprecated": false
}
]
}