ASB-A-195410559

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-195410559.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-195410559
Aliases
  • A-195410559
  • CVE-2021-39673
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:29:06.083530Z
Summary
[The use of BD_ADDR in BR/EDR as the identity address of BLE makes the dual-stack trackable]
Details

In btadmremovedevice of btadm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1391.0,
                "function_hash": "204128558517839783709342432677193717800"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-07219777",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_ble.cc",
                "function": "BTM_SecAddBleDevice"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "199206825782937533551232365465509237488",
                    "162245554832253266569229758359919054331",
                    "280030943942912715544861231547488220574",
                    "155255626714929324460461619589788156528",
                    "264401400468715934409769089728700952309"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-0a0872ac",
            "signature_version": "v1",
            "target": {
                "file": "system/main/shim/btm_api.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "260936490031339040683130593933517257275",
                    "142743158119496288073265439736713886406",
                    "188589391039302863625916775189577302274",
                    "155463368691050041105339485083081990294",
                    "229160748354944167482380962272175182743",
                    "162657397244421107928627160758940443039",
                    "257697859005223496457159838491246062530",
                    "162486628185525773140348330155282810004",
                    "317497588349573823019090169373617671224",
                    "197678382699566474924671531412288140688"
                ]
            },
            "id": "ASB-A-195410559-37e74eb6",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3baf1d6fa2b80197fcc278d1d29c6074065e2442",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/gd/hci/le_address_manager.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1006.0,
                "function_hash": "332927922331889009813032357513302530237"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-431d4820",
            "signature_version": "v1",
            "target": {
                "file": "system/btif/src/btif_storage.cc",
                "function": "btif_storage_remove_bonded_device"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283215450931985692815317944119360594934",
                    "98561674356244519414908117415864229665",
                    "196466217318339078374083905982701418165"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-566d4af0",
            "signature_version": "v1",
            "target": {
                "file": "system/main/shim/btm_api.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "212104014143301240330176764803906409125"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-6910fcef",
            "signature_version": "v1",
            "target": {
                "file": "system/bta/include/bta_api.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "217706887452652472909775799195184585659",
                    "7413942047572543896195629930365817592",
                    "143537988801541637952581949278506558881",
                    "323341362230084706548388200360759367615",
                    "261618727826124143324747606791276122809",
                    "339386986367096452091942807039990993199",
                    "208763730366055677015352948191630266856",
                    "163781212640301891480969981281341344157",
                    "290682634017117684825497209117873732275",
                    "115531431836093978842194200567957948577",
                    "115851880353199921188587569505730705468",
                    "52585866118260948952531862372656901954",
                    "160798343641663998493326803533422203730",
                    "154500535300184373852153271987818294151",
                    "263326579416680049729673121835394243727"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-84a1216e",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_ble.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "209944026445026882928906945429570963289",
                    "119452501415360073250969970596661204495",
                    "201134992658573217646305852494410693434",
                    "307256859096279817457550280125541939729",
                    "261076564696789657766348420242188411860",
                    "207121853597581238286813107587853561282",
                    "226363678236170877304258953624902987949",
                    "12839450872721808140407113564531235048"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-86c5c50e",
            "signature_version": "v1",
            "target": {
                "file": "system/btif/src/btif_storage.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2110.0,
                "function_hash": "308825382279477027343673241009001519043"
            },
            "id": "ASB-A-195410559-8d715306",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3baf1d6fa2b80197fcc278d1d29c6074065e2442",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/gd/hci/le_address_manager.cc",
                "function": "LeAddressManager::SetPrivacyPolicyForInitiatorAddress"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103695966746884301387509814432171521491",
                    "138848410630616513536117343280635902826",
                    "163233651498112236928217491260275814154"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-badf92db",
            "signature_version": "v1",
            "target": {
                "file": "system/bta/dm/bta_dm_int.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "266840716145634852173576008353515407843",
                    "198209986249736171376744745771636965591",
                    "61027019719815398523533801771240725545",
                    "15838550506692246751299107070564602772",
                    "136286208237603093245537361731500968722",
                    "68697064061280841865148834094333747637",
                    "270150413080094228112759586897907511981",
                    "145305823701625950690334138576431346288",
                    "338828588760667391774491374865979683125",
                    "102610417065177397422584866016522791825",
                    "59977367531333076293400756494798240797"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-ca1a4a60",
            "signature_version": "v1",
            "target": {
                "file": "system/bta/dm/bta_dm_act.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 611.0,
                "function_hash": "164192346293583884789519873400759218869"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-ca42779c",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_ble.cc",
                "function": "btm_ble_reset_id_impl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "322565623498743490708868610314787224027",
                    "36794438819106040518089597001241498838",
                    "85546890152735325090817608062361500791",
                    "128836914221072246986567779208890253401"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-ce709d53",
            "signature_version": "v1",
            "target": {
                "file": "system/gd/hci/le_address_manager.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1470.0,
                "function_hash": "53644348137777810034779084800532630437"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-d3edd033",
            "signature_version": "v1",
            "target": {
                "file": "system/bta/dm/bta_dm_act.cc",
                "function": "bta_dm_remove_device"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "131718699226223782084585985844258401753",
                    "81920284495245439270987233131687053428",
                    "180825386225943766978298971936126813276"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-ebbb1e3f",
            "signature_version": "v1",
            "target": {
                "file": "system/test/mock/mock_bta_dm_act.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1886.0,
                "function_hash": "155691105060646540724183956370465455491"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
            "deprecated": false,
            "id": "ASB-A-195410559-ebeba30e",
            "signature_version": "v1",
            "target": {
                "file": "system/gd/hci/le_address_manager.cc",
                "function": "LeAddressManager::SetPrivacyPolicyForInitiatorAddress"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4aa35adf8ed2e06a3d1273c18d3a3561644e0a4",
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3baf1d6fa2b80197fcc278d1d29c6074065e2442"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}