In avrcctrlparsvendorcmd of avrcparsct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1145.0, "function_hash": "305541395741595188649213172767164191469" }, "id": "ASB-A-205571133-13a14f9d", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc", "function": "avrc_ctrl_pars_vendor_cmd" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071" ] }, "id": "ASB-A-205571133-f06cccd7", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 1145.0, "function_hash": "305541395741595188649213172767164191469" }, "id": "ASB-A-205571133-26e4438e", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc", "function": "avrc_ctrl_pars_vendor_cmd" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071" ] }, "id": "ASB-A-205571133-aba04606", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071" ] }, "id": "ASB-A-205571133-43122021", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc" }, "signature_type": "Line" }, { "digest": { "length": 1145.0, "function_hash": "305541395741595188649213172767164191469" }, "id": "ASB-A-205571133-d3718ba1", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc", "function": "avrc_ctrl_pars_vendor_cmd" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071" ] }, "id": "ASB-A-205571133-a4a5d5b8", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc" }, "signature_type": "Line" }, { "digest": { "length": 1145.0, "function_hash": "305541395741595188649213172767164191469" }, "id": "ASB-A-205571133-ccad02db", "source": "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "stack/avrc/avrc_pars_tg.cc", "function": "avrc_ctrl_pars_vendor_cmd" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }