In sdpserverhandleclientreq of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "87685864126385691118721298356633827310", "11621428868190782394354950434193695670", "268678758175330329494886202073524614864", "46825356829741404233291821332653897577", "266117900808884762756126251357245747988", "40511515926288100500412701195627018383", "184549723743614675046908550020434931907", "43792252858058655228097650551178236297", "110321777404277445683310873406562646192", "104264280191072247418886828780508044318", "7355196314179985483720797385639882088", "158586034936805583632489481069503631016", "195975751366998031999502628347301239198" ] }, "id": "ASB-A-169342531-59180ca9", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc" }, "signature_type": "Line" }, { "digest": { "length": 1211.0, "function_hash": "56637524515588004733390268479014796417" }, "id": "ASB-A-169342531-88f34b28", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc", "function": "sdp_server_handle_client_req" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "87685864126385691118721298356633827310", "11621428868190782394354950434193695670", "268678758175330329494886202073524614864", "46825356829741404233291821332653897577", "266117900808884762756126251357245747988", "40511515926288100500412701195627018383", "184549723743614675046908550020434931907", "43792252858058655228097650551178236297", "110321777404277445683310873406562646192", "104264280191072247418886828780508044318", "7355196314179985483720797385639882088", "158586034936805583632489481069503631016", "195975751366998031999502628347301239198" ] }, "id": "ASB-A-169342531-33898cbb", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc" }, "signature_type": "Line" }, { "digest": { "length": 1211.0, "function_hash": "56637524515588004733390268479014796417" }, "id": "ASB-A-169342531-3c6f4812", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc", "function": "sdp_server_handle_client_req" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 1211.0, "function_hash": "56637524515588004733390268479014796417" }, "id": "ASB-A-169342531-56ca3830", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc", "function": "sdp_server_handle_client_req" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "87685864126385691118721298356633827310", "11621428868190782394354950434193695670", "268678758175330329494886202073524614864", "46825356829741404233291821332653897577", "266117900808884762756126251357245747988", "40511515926288100500412701195627018383", "184549723743614675046908550020434931907", "43792252858058655228097650551178236297", "110321777404277445683310873406562646192", "104264280191072247418886828780508044318", "7355196314179985483720797385639882088", "158586034936805583632489481069503631016", "195975751366998031999502628347301239198" ] }, "id": "ASB-A-169342531-796ccb8c", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 1211.0, "function_hash": "56637524515588004733390268479014796417" }, "id": "ASB-A-169342531-318f78d5", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc", "function": "sdp_server_handle_client_req" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "87685864126385691118721298356633827310", "11621428868190782394354950434193695670", "268678758175330329494886202073524614864", "46825356829741404233291821332653897577", "266117900808884762756126251357245747988", "40511515926288100500412701195627018383", "184549723743614675046908550020434931907", "43792252858058655228097650551178236297", "110321777404277445683310873406562646192", "104264280191072247418886828780508044318", "7355196314179985483720797385639882088", "158586034936805583632489481069503631016", "195975751366998031999502628347301239198" ] }, "id": "ASB-A-169342531-eb957e36", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 1211.0, "function_hash": "56637524515588004733390268479014796417" }, "id": "ASB-A-169342531-10473549", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc", "function": "sdp_server_handle_client_req" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "87685864126385691118721298356633827310", "11621428868190782394354950434193695670", "268678758175330329494886202073524614864", "46825356829741404233291821332653897577", "266117900808884762756126251357245747988", "40511515926288100500412701195627018383", "184549723743614675046908550020434931907", "43792252858058655228097650551178236297", "110321777404277445683310873406562646192", "104264280191072247418886828780508044318", "7355196314179985483720797385639882088", "158586034936805583632489481069503631016", "195975751366998031999502628347301239198" ] }, "id": "ASB-A-169342531-c0ed726f", "source": "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/sdp/sdp_server.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }