ASB-A-406785684

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-406785684.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-406785684
Aliases
  • A-406785684
  • CVE-2025-48539
Published
2025-09-01T00:00:00Z
Modified
2025-09-05T14:56:56.826104Z
Summary
[none]
Details

In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-next:0
Fixed
16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42513219586601643498666917077259327358",
                    "214661696728787310131164919206585232759",
                    "31548046443679700939958393511330554296",
                    "86263910952918042751199429885923080603"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "system/stack/arbiter/acl_arbiter.cc"
            },
            "id": "ASB-A-406785684-6cc39de1",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/243d7484e59730c522640b616445b2747b3062e5"
        }
    ],
    "types": [
        "RCE"
    ],
    "severity": "Critical",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/243d7484e59730c522640b616445b2747b3062e5"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-09-01

Affected versions

Other

15

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "316396108177116684968999051970746304784",
                    "241047315319657239551928598967010528905",
                    "31548046443679700939958393511330554296",
                    "218294207003004999605826659387357549421"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "system/stack/arbiter/acl_arbiter.cc"
            },
            "id": "ASB-A-406785684-ad13fa2e",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59d787dcbf5a95d0f00f28970dc98906f3c53832"
        }
    ],
    "types": [
        "RCE"
    ],
    "severity": "Critical",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59d787dcbf5a95d0f00f28970dc98906f3c53832"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-09-01

Affected versions

Other

16

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42513219586601643498666917077259327358",
                    "214661696728787310131164919206585232759",
                    "31548046443679700939958393511330554296",
                    "86263910952918042751199429885923080603"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "system/stack/arbiter/acl_arbiter.cc"
            },
            "id": "ASB-A-406785684-8c6914b9",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d6cb1ec8d11d2a8239c9f7e824f6fbe29edeb2e6"
        }
    ],
    "types": [
        "RCE"
    ],
    "severity": "Critical",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d6cb1ec8d11d2a8239c9f7e824f6fbe29edeb2e6"
    ]
}