In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out-of-bounds read due to a use-after-free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "298198116241899993833217634389560504667", "287012202328669652311876090109824391990", "47879640589574822830942397260413806572", "201339308334320448245842070676463746924" ] }, "id": "ASB-A-174182139-1641211b", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194928598227912554565230997380017534726", "77556518358887016562119304689174807795", "86632212868385445720299860168464525261", "144826320422077285944620029434252398822" ] }, "id": "ASB-A-174182139-247a05e1", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.h" }, "signature_type": "Line" }, { "digest": { "length": 3093.0, "function_hash": "220432715238360302771225885058009308197" }, "id": "ASB-A-174182139-57ecdda1", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc", "function": "ConnectionHandler::SdpCb" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84" ], "spl": "2021-06-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 3093.0, "function_hash": "220432715238360302771225885058009308197" }, "id": "ASB-A-174182139-430a3310", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc", "function": "ConnectionHandler::SdpCb" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "298198116241899993833217634389560504667", "287012202328669652311876090109824391990", "47879640589574822830942397260413806572", "201339308334320448245842070676463746924" ] }, "id": "ASB-A-174182139-cef489d9", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194928598227912554565230997380017534726", "77556518358887016562119304689174807795", "86632212868385445720299860168464525261", "144826320422077285944620029434252398822" ] }, "id": "ASB-A-174182139-ef8ee825", "source": "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84" ], "spl": "2021-06-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "133622156672709236633488552820528861554", "316643902702355795794671798071459542726", "157089739734219949707838566518876663940", "296190649613492093493013584429836317712" ] }, "id": "ASB-A-174182139-11481b95", "source": "https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "298198116241899993833217634389560504667", "174298211505879605071222028669227333094", "77652035103966742432796253987282744798", "329842816619459239744471971419928151750" ] }, "id": "ASB-A-174182139-6de589a4", "source": "https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc" }, "signature_type": "Line" }, { "digest": { "length": 3282.0, "function_hash": "291147108011544128857938207923043313668" }, "id": "ASB-A-174182139-b55a2239", "source": "https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b", "deprecated": false, "signature_version": "v1", "target": { "file": "profile/avrcp/connection_handler.cc", "function": "ConnectionHandler::SdpCb" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b" ], "spl": "2021-06-01", "severity": "High", "types": [ "ID" ] }