In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to an incorrect implementation of the protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 352.0, "function_hash": "321571789285904334492730743639956922213" }, "id": "ASB-A-251514170-3fbe783e", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/smp/smp_act.cc", "function": "smp_proc_rand" }, "signature_type": "Function" }, { "digest": { "length": 155.0, "function_hash": "310836050937169455387554377117328168799" }, "id": "ASB-A-251514170-a2866d9a", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/smp/smp_act.cc", "function": "smp_send_confirm" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "76016990345088518128060597595811943963", "302590340112657390498622356868910682549", "223964831944845757341067812058928167970", "199893950464949796952010713464199678017", "63269745553648631491921231036164254688", "133178774613934554449228570743171422198", "235887221604097201012289294919459199777" ] }, "id": "ASB-A-251514170-f93c8a46", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/smp/smp_act.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52" ], "spl": "2024-07-01", "severity": "High", "types": [ "EoP" ] }