ASB-A-203431023

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-203431023.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-203431023
Aliases
  • A-203431023
  • CVE-2022-20126
Published
2022-06-01T00:00:00Z
Modified
2024-08-07T19:29:47.430264Z
Summary
App can set Scan Mode of device' s Bluetooth without showing system dialog to user.
Details

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L-next:0
Fixed
12L-next:2022-06-01

Affected versions

Other

12L-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 297.0,
                "function_hash": "306408796174320226647143357411811607888"
            },
            "id": "ASB-A-203431023-0564ff75",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e208fcf394b9591a41250de8ee8bdad3bd9af558",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "setDiscoverableTimeout"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184196211465596637036676436981022160986",
                    "310663038790803474228144224051457634065",
                    "235200042516890789000893520623616856433",
                    "74056111292228662419642069507111208323",
                    "280865106268737356318352464790165724163",
                    "31751067178526632610812621753358219135",
                    "121380037984780544106085503251813162023",
                    "115406219874387320131559651200307225012",
                    "202006277810136237772203677493381325889",
                    "184997035097119368774453889288419654155",
                    "228403452926252819945841653792026404095",
                    "79357729360616193902807655643700292302",
                    "53073610528342643939637634752102331140",
                    "233298843227634921828128355666204684003",
                    "129041647635244075524337653918275144826",
                    "201497200635376658514585156517811832238",
                    "299108017017304219847357040897943149945",
                    "26336067661531312286298575742099149644",
                    "216431135408102165191893687207576056864",
                    "176281420003676838415340115292266963530",
                    "219325013445161890951510386503674400884",
                    "231031870505611136751596413830225061327",
                    "73397768373368757536479802789304542650",
                    "86297380719523360092289164958136849650",
                    "96504084766857505299204479415726309676",
                    "160057590753693384341480522250881637743",
                    "1133394177015753540700299389162097589",
                    "252693157415961571234960786732231294635",
                    "325256900392167122739568556677971918605",
                    "59383564349327758604786432256412400049",
                    "97788076907198308619448996106236548653",
                    "259482035435254778313450921017276894325"
                ]
            },
            "id": "ASB-A-203431023-0f43b4af",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e208fcf394b9591a41250de8ee8bdad3bd9af558",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 273.0,
                "function_hash": "337355188220726876884449145526534949697"
            },
            "id": "ASB-A-203431023-57193b34",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e208fcf394b9591a41250de8ee8bdad3bd9af558",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "getDiscoverableTimeout"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 350.0,
                "function_hash": "224398954382340583561811694483425651957"
            },
            "id": "ASB-A-203431023-da1724b4",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e208fcf394b9591a41250de8ee8bdad3bd9af558",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "setScanMode"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e208fcf394b9591a41250de8ee8bdad3bd9af558"
    ],
    "spl": "2022-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "236829967481794875659806067643400471350",
                    "221889625477845835155469983470567822437",
                    "318959092762556263064621329974291824841",
                    "108872696766585779850438660990602331717"
                ]
            },
            "id": "ASB-A-203431023-7888c779",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/95cbb22647ef5e4505f64d97b7dcbfad2a9fb0e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 209.0,
                "function_hash": "339203127178591143702063251470082974776"
            },
            "id": "ASB-A-203431023-a11e83cd",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/95cbb22647ef5e4505f64d97b7dcbfad2a9fb0e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "setScanMode"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/95cbb22647ef5e4505f64d97b7dcbfad2a9fb0e0"
    ],
    "spl": "2022-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "284189501339935948702336696034543302981",
                    "20429472355090212643904629645984168325",
                    "92254625992077032004077375276068304370",
                    "310656572878670007030099036643950233342"
                ]
            },
            "id": "ASB-A-203431023-a5b6da18",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/649612a49791564b43e6f5d41cb4a5ae07d94394",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/649612a49791564b43e6f5d41cb4a5ae07d94394"
    ],
    "spl": "2022-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "12"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "115406219874387320131559651200307225012",
                    "202006277810136237772203677493381325889",
                    "184997035097119368774453889288419654155"
                ]
            },
            "id": "ASB-A-203431023-9bd93427",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "12"
            ],
            "digest": {
                "length": 350.0,
                "function_hash": "224398954382340583561811694483425651957"
            },
            "id": "ASB-A-203431023-aa617f78",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "setScanMode"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae"
    ],
    "spl": "2022-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "115406219874387320131559651200307225012",
                    "202006277810136237772203677493381325889",
                    "184997035097119368774453889288419654155"
                ]
            },
            "id": "ASB-A-203431023-829ae564",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "length": 350.0,
                "function_hash": "224398954382340583561811694483425651957"
            },
            "id": "ASB-A-203431023-ff5778ad",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/btservice/AdapterService.java",
                "function": "setScanMode"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e49e5dc377dd39c523c287b71c0831159e2cc6ae"
    ],
    "spl": "2022-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}