ASB-A-186803518

Import Source
https://storage.googleapis.com/android-osv/ASB-A-186803518.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-186803518
Aliases
  • A-186803518
  • CVE-2023-20952
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:29:44.794467Z
Summary
a2dp_codec_fuzz: Tag-mismatch in A2DP_BuildCodecHeaderSbc
Details

In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249467105770412828602936980127046494444",
                    "51269215473166754889499891976278170469",
                    "128257971113454018681435094771519547281",
                    "147510532338844957757740389563405766239"
                ]
            },
            "id": "ASB-A-186803518-410c9498",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cd5a404fa5c0b073de027f06c227ffa53773fd7d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296556147406330627874925836528608605248",
                    "245430012615150207290794498376612315317",
                    "65955188663457735581715967752580334423"
                ]
            },
            "id": "ASB-A-186803518-61d9c701",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb53b8cbf548873bea30cf0ac6a753d679be4511",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eb53b8cbf548873bea30cf0ac6a753d679be4511",
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/46dc2f111709cea06e41ae2943be3b8183281bdd",
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/cd5a404fa5c0b073de027f06c227ffa53773fd7d"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-03-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174637781470851331325020498513394251697",
                    "228587247365173046208711015258126312277",
                    "105881286815907948529534873857928629637"
                ]
            },
            "id": "ASB-A-186803518-e1e4d0e2",
            "source": "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-03-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174637781470851331325020498513394251697",
                    "228587247365173046208711015258126312277",
                    "105881286815907948529534873857928629637"
                ]
            },
            "id": "ASB-A-186803518-95c4cb97",
            "source": "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-03-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174637781470851331325020498513394251697",
                    "228587247365173046208711015258126312277",
                    "105881286815907948529534873857928629637"
                ]
            },
            "id": "ASB-A-186803518-4f5c51fc",
            "source": "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/a710300216be4a86373a65c6a685aeef8509cfa7"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296556147406330627874925836528608605248",
                    "245430012615150207290794498376612315317",
                    "65955188663457735581715967752580334423"
                ]
            },
            "id": "ASB-A-186803518-071cb262",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0d7d4e82902f15504ef4f2be4524b1913df5afe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/a2dp/a2dp_sbc.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0d7d4e82902f15504ef4f2be4524b1913df5afe"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}