In a2dpvendorldacdecoderdecodepacket of a2dpvendorldacdecoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "51906278877382423285985799483040972923", "314556597833400938481312044524823353254", "220674763493798661003210674057738009067", "279765562730174045340229648086676342003", "247921375628482552314263123623435430324", "3318908847668533227094955923228836145", "261115048297857130466673508664305110762", "103569909928627432733060194223833567793" ] }, "id": "ASB-A-142546668-40649709", "source": "https://android.googlesource.com/platform/system/bt/+/96392b0f2cfb2adc72cc7cad0d74dec8f4041582", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/a2dp/a2dp_vendor_ldac_decoder.cc" }, "signature_type": "Line" }, { "digest": { "length": 1376.0, "function_hash": "328582912010224929108738279848328152295" }, "id": "ASB-A-142546668-71face25", "source": "https://android.googlesource.com/platform/system/bt/+/96392b0f2cfb2adc72cc7cad0d74dec8f4041582", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/a2dp/a2dp_vendor_ldac_decoder.cc", "function": "a2dp_vendor_ldac_decoder_decode_packet" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/96392b0f2cfb2adc72cc7cad0d74dec8f4041582" ], "spl": "2020-07-01", "severity": "Critical", "types": [ "RCE" ] }