In registernotificationrsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 2481.0, "function_hash": "333474244974845735124076347977841360913" }, "id": "ASB-A-245916076-2d5f668e", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_rc.cc", "function": "register_notification_rsp" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "41505634453838932711310759207758210033", "36457990891724466920911047625859037663", "75827524418212291543698253757485864423" ] }, "id": "ASB-A-245916076-ee6bc6ef", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_rc.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02" ], "spl": "2023-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41505634453838932711310759207758210033", "36457990891724466920911047625859037663", "75827524418212291543698253757485864423" ] }, "id": "ASB-A-245916076-294da57a", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_rc.cc" }, "signature_type": "Line" }, { "digest": { "length": 2481.0, "function_hash": "333474244974845735124076347977841360913" }, "id": "ASB-A-245916076-ab9eeb59", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_rc.cc", "function": "register_notification_rsp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/daa3efc5e53c8613f4b1a33e095ff6c6460b8d02" ], "spl": "2023-04-01", "severity": "High", "types": [ "ID" ] }