ASB-A-406785684
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-406785684.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-406785684
- Aliases
-
- A-406785684
- CVE-2025-48539
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2025-09-26T15:02:33.726194Z
- Summary
- [none]
- Details
-
In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/243d7484e59730c522640b616445b2747b3062e5"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"42513219586601643498666917077259327358",
"214661696728787310131164919206585232759",
"31548046443679700939958393511330554296",
"86263910952918042751199429885923080603"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-406785684-6cc39de1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/243d7484e59730c522640b616445b2747b3062e5",
"target": {
"file": "system/stack/arbiter/acl_arbiter.cc"
}
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59d787dcbf5a95d0f00f28970dc98906f3c53832"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"316396108177116684968999051970746304784",
"241047315319657239551928598967010528905",
"31548046443679700939958393511330554296",
"218294207003004999605826659387357549421"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-406785684-ad13fa2e",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59d787dcbf5a95d0f00f28970dc98906f3c53832",
"target": {
"file": "system/stack/arbiter/acl_arbiter.cc"
}
}
]
}platform/packages/modules/Bluetooth
Package
- Name
- platform/packages/modules/Bluetooth
Ecosystem specific
{
"types": [
"RCE"
],
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d6cb1ec8d11d2a8239c9f7e824f6fbe29edeb2e6"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"42513219586601643498666917077259327358",
"214661696728787310131164919206585232759",
"31548046443679700939958393511330554296",
"86263910952918042751199429885923080603"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-406785684-8c6914b9",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d6cb1ec8d11d2a8239c9f7e824f6fbe29edeb2e6",
"target": {
"file": "system/stack/arbiter/acl_arbiter.cc"
}
}
]
}