In gattprocessreadbytypersp of gattcl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521" ] }, "id": "ASB-A-158778659-1ceb83e0", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc" }, "signature_type": "Line" }, { "digest": { "length": 4639.0, "function_hash": "42957258101994466047224867379899158865" }, "id": "ASB-A-158778659-939e9016", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc", "function": "gatt_process_read_by_type_rsp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4639.0, "function_hash": "42957258101994466047224867379899158865" }, "id": "ASB-A-158778659-d35182af", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc", "function": "gatt_process_read_by_type_rsp" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521" ] }, "id": "ASB-A-158778659-e7d0a5f9", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4639.0, "function_hash": "42957258101994466047224867379899158865" }, "id": "ASB-A-158778659-0203e176", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc", "function": "gatt_process_read_by_type_rsp" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521" ] }, "id": "ASB-A-158778659-d67e91cc", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4639.0, "function_hash": "42957258101994466047224867379899158865" }, "id": "ASB-A-158778659-3108b0d2", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc", "function": "gatt_process_read_by_type_rsp" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521" ] }, "id": "ASB-A-158778659-951f0b88", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521" ] }, "id": "ASB-A-158778659-02e71724", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc" }, "signature_type": "Line" }, { "digest": { "length": 4639.0, "function_hash": "42957258101994466047224867379899158865" }, "id": "ASB-A-158778659-10a7df0b", "source": "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/gatt/gatt_cl.cc", "function": "gatt_process_read_by_type_rsp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }