ASB-A-225880741

Import Source
https://storage.googleapis.com/android-osv/ASB-A-225880741.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-225880741
Aliases
  • A-225880741
  • CVE-2022-20467
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:29:46.818086Z
Summary
Bypassing the isBluetoothShareUri check to force the Bluetooth app to grant access to the ContentProviders it can access
Details

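In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy: a URI that bypasses the check can make the Bluetooth app grant access to ContentProviders that the Bluetooth app itself can reach. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. The affected-package entries below list the fix at security patch level 2023-03-01 for Android 11, 12, 12L, 13 and 13-next.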

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 123.0,
                "function_hash": "261329455908047184565872185916903753976"
            },
            "id": "ASB-A-225880741-07ea022c",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/153caf081381c896ea2808092db265b21e95b79c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/opp/BluetoothOppUtility.java",
                "function": "isBluetoothShareUri"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "316707232245811723912201586800200398395",
                    "109771264482061673313934754623092882309",
                    "309952113044682722106782716479657801352",
                    "217933077910029420220650371611846817311",
                    "22813210918215448057860708162486899647",
                    "192438461793407648110148612138627636587",
                    "254622851146180678188247996846260273558",
                    "273102632977374839095363248019415478494"
                ]
            },
            "id": "ASB-A-225880741-f13a8076",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/153caf081381c896ea2808092db265b21e95b79c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/opp/BluetoothOppUtility.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/153caf081381c896ea2808092db265b21e95b79c"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-03-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231265469921722254443663198676858435085",
                    "113926598669968991082154297249782273070",
                    "53995942397248229722879773008775705568",
                    "150990503994559136012071417099121170355",
                    "22813210918215448057860708162486899647",
                    "192438461793407648110148612138627636587",
                    "254622851146180678188247996846260273558",
                    "273102632977374839095363248019415478494"
                ]
            },
            "id": "ASB-A-225880741-6694e260",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "11"
            ],
            "digest": {
                "length": 123.0,
                "function_hash": "261329455908047184565872185916903753976"
            },
            "id": "ASB-A-225880741-80962e24",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java",
                "function": "isBluetoothShareUri"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-03-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231265469921722254443663198676858435085",
                    "113926598669968991082154297249782273070",
                    "53995942397248229722879773008775705568",
                    "150990503994559136012071417099121170355",
                    "22813210918215448057860708162486899647",
                    "192438461793407648110148612138627636587",
                    "254622851146180678188247996846260273558",
                    "273102632977374839095363248019415478494"
                ]
            },
            "id": "ASB-A-225880741-27bf44b1",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "12"
            ],
            "digest": {
                "length": 123.0,
                "function_hash": "261329455908047184565872185916903753976"
            },
            "id": "ASB-A-225880741-8740f8cc",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java",
                "function": "isBluetoothShareUri"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-03-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "length": 123.0,
                "function_hash": "261329455908047184565872185916903753976"
            },
            "id": "ASB-A-225880741-3cddf2fb",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java",
                "function": "isBluetoothShareUri"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231265469921722254443663198676858435085",
                    "113926598669968991082154297249782273070",
                    "53995942397248229722879773008775705568",
                    "150990503994559136012071417099121170355",
                    "22813210918215448057860708162486899647",
                    "192438461793407648110148612138627636587",
                    "254622851146180678188247996846260273558",
                    "273102632977374839095363248019415478494"
                ]
            },
            "id": "ASB-A-225880741-59b74881",
            "source": "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/bluetooth/opp/BluetoothOppUtility.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Bluetooth/+/d0957cfdf1fc1b36620c1545643ffbc37f0ac24c"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 123.0,
                "function_hash": "261329455908047184565872185916903753976"
            },
            "id": "ASB-A-225880741-7861eebe",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/29a297b4c31acac87fe854fa28a2054226fd9e8c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/opp/BluetoothOppUtility.java",
                "function": "isBluetoothShareUri"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "316707232245811723912201586800200398395",
                    "109771264482061673313934754623092882309",
                    "309952113044682722106782716479657801352",
                    "217933077910029420220650371611846817311",
                    "22813210918215448057860708162486899647",
                    "192438461793407648110148612138627636587",
                    "254622851146180678188247996846260273558",
                    "273102632977374839095363248019415478494"
                ]
            },
            "id": "ASB-A-225880741-ef4dfc66",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/29a297b4c31acac87fe854fa28a2054226fd9e8c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "android/app/src/com/android/bluetooth/opp/BluetoothOppUtility.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/29a297b4c31acac87fe854fa28a2054226fd9e8c"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}