In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "142684289885384697536288631086263826842", "16406206357247479788666354731309863657", "286905061467636589645434065539620543548", "100785283712054938349270543023197146987", "43855841289177912729581738001999468354", "16406206357247479788666354731309863657", "13976835086402222212545783096397724990", "284047784408702917118367082191050182332" ] }, "id": "ASB-A-275340684-8690136a", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/le_audio/broadcaster/broadcaster.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf" ], "spl": "2023-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "142684289885384697536288631086263826842", "16406206357247479788666354731309863657", "286905061467636589645434065539620543548", "100785283712054938349270543023197146987", "43855841289177912729581738001999468354", "16406206357247479788666354731309863657", "13976835086402222212545783096397724990", "284047784408702917118367082191050182332" ] }, "id": "ASB-A-275340684-898735a2", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf", "deprecated": false, "signature_version": "v1", "target": { "file": "system/bta/le_audio/broadcaster/broadcaster.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5f9059acdfed500ea5ff4b159795280d5fa2ecbf" ], "spl": "2023-12-01", "severity": "High", "types": [ "EoP" ] }