ASB-A-275340684

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-275340684.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-275340684
Aliases
  • A-275340684
  • CVE-2023-45775
Published
2023-12-01T00:00:00Z
Modified
2024-08-07T19:29:32.443612Z
Summary
[Bug 1/2] Potential oob read due to missing bounds check in LeAudioBroadcasterImpl::CreateAudioBroadcast() of bluetooth stack
Details

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "142684289885384697536288631086263826842",
                    "16406206357247479788666354731309863657",
                    "286905061467636589645434065539620543548",
                    "100785283712054938349270543023197146987",
                    "43855841289177912729581738001999468354",
                    "16406206357247479788666354731309863657",
                    "13976835086402222212545783096397724990",
                    "284047784408702917118367082191050182332"
                ]
            },
            "id": "ASB-A-275340684-8690136a",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/bta/le_audio/broadcaster/broadcaster.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "142684289885384697536288631086263826842",
                    "16406206357247479788666354731309863657",
                    "286905061467636589645434065539620543548",
                    "100785283712054938349270543023197146987",
                    "43855841289177912729581738001999468354",
                    "16406206357247479788666354731309863657",
                    "13976835086402222212545783096397724990",
                    "284047784408702917118367082191050182332"
                ]
            },
            "id": "ASB-A-275340684-898735a2",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/bta/le_audio/broadcaster/broadcaster.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}