In btmbleperiodicadvsynclost of btmble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41644859437098467530379123186966631764", "274792683209642091392980635921764301368", "199733210852372911363408840020203041183", "225025848897839420466905974188431469555" ] }, "id": "ASB-A-273502002-1baa9877", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_ble_gap.cc" }, "signature_type": "Line" }, { "digest": { "length": 354.0, "function_hash": "110283395503268788133368889391625864560" }, "id": "ASB-A-273502002-83fe0a0b", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_ble_gap.cc", "function": "btm_ble_periodic_adv_sync_lost" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89" ], "spl": "2023-06-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41644859437098467530379123186966631764", "274792683209642091392980635921764301368", "199733210852372911363408840020203041183", "225025848897839420466905974188431469555" ] }, "id": "ASB-A-273502002-3d4bd148", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_ble_gap.cc" }, "signature_type": "Line" }, { "digest": { "length": 354.0, "function_hash": "110283395503268788133368889391625864560" }, "id": "ASB-A-273502002-426d9936", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89", "deprecated": false, "signature_version": "v1", "target": { "file": "system/stack/btm/btm_ble_gap.cc", "function": "btm_ble_periodic_adv_sync_lost" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c077ffbe609c33adc212b73cd3018b174f0c8f89" ], "spl": "2023-06-01", "severity": "Critical", "types": [ "RCE" ] }