PUB-A-185513714

Import Source
https://storage.googleapis.com/android-osv/PUB-A-185513714.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-185513714
Aliases
  • A-185513714
  • CVE-2022-20207
Published
2022-06-01T00:00:00Z
Modified
2024-08-29T06:57:52.452236Z
Summary
Bluetooth GATT enable/connect/disconnect/pairing/discover features are exposed to 3rd-party apps without additional permission
Details

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "310264222601774262554073906312179050471",
                    "233851378929737165976130497824506340663"
                ]
            },
            "id": "PUB-A-185513714-75917028",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/2109e7a24a18a3d2c87b6a7bbb545a1246ea21b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/gatt/GattServiceConfig.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/2109e7a24a18a3d2c87b6a7bbb545a1246ea21b6"
    ],
    "spl": "2022-06-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}