PUB-A-240301753
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-240301753.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-240301753
- Aliases
-
- A-240301753
- CVE-2022-20547
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 95.0,
"function_hash": "50757252861193026122316248663512856500"
},
"id": "PUB-A-240301753-153c1481",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
"function": "retrievePendingSocketForServiceRecord"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"336543285417397496473978538558445781741",
"98005519639658717479776377185710239036",
"306482618865635812147597580207714038625",
"164485076783088386561319458838342329898",
"37733333598715831002936735688460934045",
"46825822942818583563931426433874497615",
"34589309195499265683709687358886568426",
"12437621527051904480160275129763137616",
"19657046246639268481739371678408352158",
"57245045089298679319422214245157068121",
"338627328938833717709040215904893985703",
"205813472867119078439271939689028261823",
"182465072864460627452683452540910000013",
"132036065931379991755997953614229328969",
"253801012084625161590130167942819702864",
"276410169993454176363113632123180069087",
"103644153285883704615652652738845158337",
"202092097301454457647408491278318074530",
"240156939685891499122112131206970542621",
"150864257758850816607103866732968920206",
"314531570049188915489036879764587731981",
"89401730193196185691305309302792562436",
"251047739839568523211005578929220371911",
"272768074970648758069737040187655878675",
"222235283829659810449767859712296051497",
"318712999210023486609886321669960415201",
"155551443807599979360032300247268597483"
]
},
"id": "PUB-A-240301753-584628d6",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 95.0,
"function_hash": "50757252861193026122316248663512856500"
},
"id": "PUB-A-240301753-9ef3ca11",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
"function": "stopRfcommListener"
},
"signature_type": "Function"
},
{
"digest": {
"length": 139.0,
"function_hash": "266318086400615843683495170038248093068"
},
"id": "PUB-A-240301753-ac71ffce",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
"function": "startRfcommListener"
},
"signature_type": "Function"
},
{
"digest": {
"length": 174.0,
"function_hash": "172763928232241021055097874900121927040"
},
"id": "PUB-A-240301753-d20da9e3",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
"function": "allowLowLatencyAudio"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/040c9bafc992557d46d52cc01a9a59f9632c9ef5"
],
"spl": "2022-12-01",
"severity": "Moderate",
"types": [
"EoP"
]
}