In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "174740507774141626498297469825591041546", "67274052042458865081982972152876052666", "126466726827354327855057899359887170964", "209177717336835330717869786405419104100", "64855870994560653407214698500002782102" ] }, "id": "ASB-A-226927612-6db1680f", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/av/bta_av_act.cc" }, "signature_type": "Line" }, { "digest": { "length": 3398.0, "function_hash": "104665024436351864154360939788235158045" }, "id": "ASB-A-226927612-a1ee1636", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/av/bta_av_act.cc", "function": "bta_av_rc_disc_done" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9" ], "spl": "2023-03-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 3398.0, "function_hash": "104665024436351864154360939788235158045" }, "id": "ASB-A-226927612-d50e7411", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/av/bta_av_act.cc", "function": "bta_av_rc_disc_done" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "174740507774141626498297469825591041546", "67274052042458865081982972152876052666", "126466726827354327855057899359887170964", "209177717336835330717869786405419104100", "64855870994560653407214698500002782102" ] }, "id": "ASB-A-226927612-fbfb95f0", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/av/bta_av_act.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e74ee03c331514ac07b806e82077cc8a1d4e34e9" ], "spl": "2023-03-01", "severity": "High", "types": [ "EoP" ] }