PUB-A-260568354
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-260568354.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-260568354
- Aliases
-
- A-260568354
- CVE-2023-20990
- Published
- 2023-06-01T00:00:00Z
- Modified
- 2025-11-05T16:30:26.460762Z
- Summary
- [none]
- Details
-
In btmblerandenccomplete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"spl": "2023-06-01",
"types": [
"ID"
],
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5"
],
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"117784653552321564358471851936625549508",
"47333122460676538759491455797197126117",
"291796459590222092951770975161402356361",
"184229502923043041024834374352615618277",
"279361614689686598980594842686935201696",
"203958438365526106154898523198184834099",
"26190922315788100689696447141390682060",
"245532789990840797891332040715052709773",
"304541487980214799526866154873465333991",
"292658284489376623161506992059026492619"
]
},
"id": "PUB-A-260568354-0a3f5943",
"target": {
"file": "system/test/mock/mock_stack_btm_ble.h"
}
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "12324704330797105710520765979553565911",
"length": 178.0
},
"id": "PUB-A-260568354-19058196",
"target": {
"function": "btm_ble_rand_enc_complete",
"file": "system/test/mock/mock_stack_btm_ble.cc"
}
},
{
"signature_type": "Line",
"deprecated": false,
"id": "PUB-A-260568354-1ef4f857",
"digest": {
"threshold": 0.9,
"line_hashes": [
"313371911573586658228018128838215648498",
"4690809711081223181750630714514388859",
"309782683119757118646700257314011791564",
"315315486998765414351497729550439575724"
]
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"match_only_versions": [
"13-next"
],
"target": {
"file": "system/stack/include/ble_hci_link_interface.h"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"65326591185155806798731282979164782553",
"190747945663110882946648974928134239695",
"167901755996270072300021354304720775813",
"206977422755948296639786176225388658574",
"22794000547993259028642115759942653687",
"38778571378476974055435767296346293479",
"154015597657473939734559147436263244719"
]
},
"id": "PUB-A-260568354-2faad2e5",
"target": {
"file": "system/test/mock/mock_stack_btm_ble.cc"
}
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "30959802940329759862659041583166081994",
"length": 2138.0
},
"id": "PUB-A-260568354-4630cd0f",
"target": {
"function": "btu_hcif_hdl_command_complete",
"file": "system/stack/btu/btu_hcif.cc"
}
},
{
"signature_type": "Line",
"deprecated": false,
"id": "PUB-A-260568354-5bc73691",
"digest": {
"threshold": 0.9,
"line_hashes": [
"80674951492990122575347656846292152695",
"18376419578549212706905165371280563403",
"277048849032806832997747997065648081505",
"332349706291993620572404588489303378896",
"134839501037574561200844653805349984347",
"145246554979485156081978610762041234426",
"107699788049404248499894625830070853182",
"252428581946088468030393579642186282934",
"34091773844244285523001292683419216754",
"50645818859145066048379539153003406511",
"299128413497606640257411112678203106640",
"58252560446575377289715788461584297441",
"131990504168270375025398946880337013710",
"236317222999668950275625605714186850203",
"29887575839910444504096383204803669044",
"5362790294183309087492498058350516606",
"122057933184607078545555076385749223904",
"116544564171286854822026167827041756901",
"114272965988662198401716015210233701914"
]
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"match_only_versions": [
"13-next"
],
"target": {
"file": "system/stack/btm/btm_ble.cc"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"224161529344046936049177692569849198118",
"217438565200487619838275810707526204826",
"111291995599213537043021434985610372809",
"97541988460063341010316638755451632417"
]
},
"id": "PUB-A-260568354-b54bd748",
"target": {
"file": "system/stack/btu/btu_hcif.cc"
}
},
{
"signature_type": "Function",
"deprecated": false,
"id": "PUB-A-260568354-dc67d6db",
"digest": {
"function_hash": "242226141316977193257776497942385063952",
"length": 503.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/678d7b820f377b129dcdbb7d9916a321c25bb7d5",
"match_only_versions": [
"13-next"
],
"target": {
"function": "btm_ble_rand_enc_complete",
"file": "system/stack/btm/btm_ble.cc"
}
}
]
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"spl": "2023-06-01",
"types": [
"ID"
],
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8"
],
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142082752399167422095596642132995603288",
"83194363392043705588150130661192286658",
"97328365920494269612932145820891586795",
"200698180215332861995169156335002850810"
]
},
"id": "PUB-A-260568354-1b79e1f9",
"target": {
"file": "system/stack/include/sec_hci_link_interface.h"
}
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "235604982423465775564157247840940631481",
"length": 1979.0
},
"id": "PUB-A-260568354-72d89937",
"target": {
"function": "btu_hcif_hdl_command_complete",
"file": "system/stack/btu/btu_hcif.cc"
}
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "136425544412158208098895187543542390588",
"length": 447.0
},
"id": "PUB-A-260568354-ace2f6aa",
"target": {
"function": "btm_read_local_oob_complete",
"file": "system/stack/btm/btm_sec.cc"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"325264427043517553557165461223817198239",
"295881933678064324579768103738187494049",
"315181643201298740465278291549365315274",
"329810156403207977025793552328769403586",
"219194434784713185964900806702504577059",
"157772056518830134703744137694227852784",
"299388539201734548159560723675117721697",
"29733245399691997683098250985780829066",
"73361167583156616262911169997214624489",
"69866212162487218741043515954290437441",
"229953029220960944896250282560537715977",
"308634712869236024915753516540934371848",
"23519541978120722279277736082140798042"
]
},
"id": "PUB-A-260568354-be96904b",
"target": {
"file": "system/stack/btm/btm_sec.cc"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"158498375014697082575363767697377430124",
"153827779658015259300859159677933851520",
"185519101010982031378595593154040774612",
"239444332450310509121072509284115823296"
]
},
"id": "PUB-A-260568354-d14e249e",
"target": {
"file": "system/stack/btu/btu_hcif.cc"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"171273824833116953023619908107581869037",
"204233808897423718390423480182726106091",
"274312728005060349496821733772376657630",
"316801645066273090928680424419384088819"
]
},
"id": "PUB-A-260568354-d413429a",
"target": {
"file": "system/stack/btm/btm_sec.h"
}
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/14eaa92ef7a31d68a2c8e358bb5e346b5f3faca8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260599177056920714068251910926436135903",
"295846550874962490249624214735754737645",
"286275385903911516624621275642736382432",
"301258202868381335439944286761427887083"
]
},
"id": "PUB-A-260568354-fbc1fc58",
"target": {
"file": "system/test/mock/mock_stack_btm_sec.cc"
}
}
]
}