ASB-A-318374503

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-318374503.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-318374503
Aliases
  • A-318374503
  • CVE-2024-23717
Published
2024-03-01T00:00:00Z
Modified
2024-08-07T19:29:39.627006Z
Summary
Unauthenticated Bluetooth keystroke-injection in Pixel 7 running AP11.231117.006
Details

In accesssecureservicefromtempbond of btmsec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-03-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 232.0,
                "function_hash": "333735336583064087039902703448593069282"
            },
            "id": "ASB-A-318374503-3ca3c81e",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc",
                "function": "access_secure_service_from_temp_bond"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "73020516892836227850873902746339412076",
                    "225516260501769301590541943710397904252",
                    "105654584775185336510310529998476958019",
                    "325063771327590450643352016418496974272"
                ]
            },
            "id": "ASB-A-318374503-c8a82fef",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5"
    ],
    "spl": "2024-03-01",
    "severity": "Critical",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231790709002883891973800308045898413132",
                    "295905668830846017767970564492123207739",
                    "295610151115085055824572039453931712567",
                    "17400750266784036359344154410214078877",
                    "227633893623229621582798433050040704196"
                ]
            },
            "id": "ASB-A-318374503-88fe4656",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 212.0,
                "function_hash": "115920379014818069597213206974632673599"
            },
            "id": "ASB-A-318374503-9eb84a84",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc",
                "function": "access_secure_service_from_temp_bond"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"
    ],
    "spl": "2024-03-01",
    "severity": "Critical",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-03-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231790709002883891973800308045898413132",
                    "295905668830846017767970564492123207739",
                    "295610151115085055824572039453931712567",
                    "17400750266784036359344154410214078877",
                    "227633893623229621582798433050040704196"
                ]
            },
            "id": "ASB-A-318374503-6f9c3a80",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 212.0,
                "function_hash": "115920379014818069597213206974632673599"
            },
            "id": "ASB-A-318374503-8054a4a2",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/btm/btm_sec.cc",
                "function": "access_secure_service_from_temp_bond"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"
    ],
    "spl": "2024-03-01",
    "severity": "Critical",
    "types": [
        "EoP"
    ]
}