PUB-A-254445952
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-254445952.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-254445952
- Aliases
-
- A-254445952
- CVE-2023-20977
- Published
- 2023-06-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In btmblereadremotefeaturescomplete of btmble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e"
],
"spl": "2023-06-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"function": "btm_ble_read_remote_features_complete",
"file": "system/stack/btm/btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"function_hash": "142810681150491218045635607572946443956",
"length": 578.0
},
"signature_type": "Function",
"id": "PUB-A-254445952-022f244f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"file": "system/stack/btm/btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"193572171072139386044758502784349330881",
"155991988424880404455445275899946021128",
"77915846838003575749278667649509859818",
"301482340753270901619441375453370399143",
"153524999287970943245640119122595438779",
"254010993994861822427506791369397858771",
"315066371698647898187277120838249668882",
"316374145808350111093708557981203956062",
"307964559181206217472726908163401400998",
"294578632843206956932507371357771971885",
"196903728762469490430222758322756772973",
"12785745888760557504192215558819356539",
"17821528429914078605326521975597115348",
"182542015634816505864676955174756430311"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-5340fda5"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"function": "btu_hcif_process_event",
"file": "system/stack/btu/btu_hcif.cc"
},
"deprecated": false,
"digest": {
"function_hash": "137734023174349184830890249239272560832",
"length": 4786.0
},
"signature_type": "Function",
"id": "PUB-A-254445952-60d15612"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"file": "system/test/mock/mock_stack_btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"64362738520640031724495979872409942420",
"62006996824289613532796984643880500396",
"131766241880642865817313397421143550548",
"1188834464593180594644199923985966070"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-637e72f1"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"file": "system/stack/btu/btu_hcif.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"193322601014283273961668279302861220443",
"303684473620824665361678665105351209996",
"296285505160783488159445971976576054368",
"143204796913870103492673139000511552690"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-8722e0f1"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e2cfbf2685fd4ca4932e6cf6e9d98f57418ce30e",
"target": {
"file": "system/stack/include/ble_hci_link_interface.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"43125267045811249456873722650429176270",
"2622587020007766959921735475319764286",
"188679613354953956492097503756284233815",
"298775416198561212439457222143063378775"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-f79bda5e"
}
],
"types": [
"ID"
]
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881"
],
"spl": "2023-06-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"function": "btu_hcif_process_event",
"file": "system/stack/btu/btu_hcif.cc"
},
"deprecated": false,
"digest": {
"function_hash": "232227972830537180929657144775355121285",
"length": 4846.0
},
"signature_type": "Function",
"id": "PUB-A-254445952-86034636"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"function": "btm_ble_read_remote_features_complete",
"file": "system/stack/btm/btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"function_hash": "142810681150491218045635607572946443956",
"length": 578.0
},
"signature_type": "Function",
"id": "PUB-A-254445952-a8e7b3a7"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"file": "system/stack/btm/btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"193572171072139386044758502784349330881",
"155991988424880404455445275899946021128",
"77915846838003575749278667649509859818",
"301482340753270901619441375453370399143",
"153524999287970943245640119122595438779",
"254010993994861822427506791369397858771",
"315066371698647898187277120838249668882",
"316374145808350111093708557981203956062",
"307964559181206217472726908163401400998",
"294578632843206956932507371357771971885",
"196903728762469490430222758322756772973",
"12785745888760557504192215558819356539",
"17821528429914078605326521975597115348",
"182542015634816505864676955174756430311"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-ac40944d"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"file": "system/test/mock/mock_stack_btm_ble_gap.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"64362738520640031724495979872409942420",
"62006996824289613532796984643880500396",
"131766241880642865817313397421143550548",
"1188834464593180594644199923985966070"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-c1032275"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"file": "system/stack/include/ble_hci_link_interface.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"43125267045811249456873722650429176270",
"2622587020007766959921735475319764286",
"188679613354953956492097503756284233815",
"298775416198561212439457222143063378775"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-cc256040"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6aedab38411253cbeee4f6315459c4c6ffc0d881",
"target": {
"file": "system/stack/btu/btu_hcif.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"193322601014283273961668279302861220443",
"303684473620824665361678665105351209996",
"296285505160783488159445971976576054368",
"143204796913870103492673139000511552690"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "PUB-A-254445952-fe175803"
}
],
"types": [
"ID"
]
}