In btiftobtaresponse of btifgatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "202991032960362422517212061651315429651", "321249832527434796014820119811843627176", "27832860643651216333046709776896742070", "57773542021582817444303892642630949175", "146396255764806564039855411370647568286", "90907461178474826794676138695197879378", "50165556766328754191307225497255471160" ] }, "id": "ASB-A-276898739-64e81fdf", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0dbf1a6ed704dedc92e1ea1196dd6428b4d50240", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc" }, "signature_type": "Line" }, { "digest": { "length": 391.0, "function_hash": "172121765943073291311934871754999822330" }, "id": "ASB-A-276898739-9bda07aa", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0dbf1a6ed704dedc92e1ea1196dd6428b4d50240", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc", "function": "btif_to_bta_response" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0dbf1a6ed704dedc92e1ea1196dd6428b4d50240" ], "spl": "2024-02-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 391.0, "function_hash": "172121765943073291311934871754999822330" }, "id": "ASB-A-276898739-0b9e6220", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc", "function": "btif_to_bta_response" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "202991032960362422517212061651315429651", "321249832527434796014820119811843627176", "27832860643651216333046709776896742070", "57773542021582817444303892642630949175", "146396255764806564039855411370647568286", "90907461178474826794676138695197879378", "50165556766328754191307225497255471160" ] }, "id": "ASB-A-276898739-4667fa4c", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59" ], "spl": "2024-02-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "202991032960362422517212061651315429651", "321249832527434796014820119811843627176", "27832860643651216333046709776896742070", "57773542021582817444303892642630949175", "146396255764806564039855411370647568286", "90907461178474826794676138695197879378", "50165556766328754191307225497255471160" ] }, "id": "ASB-A-276898739-39c2f00c", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc" }, "signature_type": "Line" }, { "digest": { "length": 391.0, "function_hash": "172121765943073291311934871754999822330" }, "id": "ASB-A-276898739-cab15717", "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59", "deprecated": false, "signature_version": "v1", "target": { "file": "system/btif/src/btif_gatt_util.cc", "function": "btif_to_bta_response" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/59c9e84bd31d4935a875d588bf4d2cc5bfb07d59" ], "spl": "2024-02-01", "severity": "High", "types": [ "ID" ] }