Platform Packages Modules Bluetooth vulnerabilities
119 known vulnerabilities affecting platform/packages_modules_bluetooth.
Total CVEs: 119
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
UNKNOWN: 119
Vulnerabilities
Page 3 of 6
CVE-2024-0030 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-02-01; ≥ 13:0, < 13:2024-02-01; +1 more | 2024-02-01
CVE-2024-0030: In btif_to_bta_response of btif_gatt_util
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-0031 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-02-01; ≥ 13:0, < 13:2024-02-01; +1 more | 2024-02-01
CVE-2024-0031: In attp_build_read_by_type_value_cmd of att_protocol
In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-0016 | UNKNOWN | ≥ 13:0, < 13:2024-01-01; ≥ 14:0, < 14:2024-01-01 | 2024-01-01
CVE-2024-0016: In multiple locations, there is a possible out of bounds read due to a missing bounds check
In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-45781 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-45781: In parse_gap_data of utils
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-45866 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-05; ≥ 13:0, < 13:2023-12-05; +1 more | 2023-12-01
CVE-2023-45866: In multiple locations, there is a possible way to inject keystrokes due to improper input validation
In multiple locations, there is a possible way to inject keystrokes due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40078 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 14:0, < 14:2023-12-01 | 2023-12-01
CVE-2023-40078: In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder
In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40090 | UNKNOWN | ≥ 13:0, < 13:2023-12-01; ≥ 14:0, < 14:2023-12-01 | 2023-12-01
CVE-2023-40090: In BTM_BleVerifySignature of btm_ble
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-45776 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 14:0, < 14:2023-12-01 | 2023-12-01
CVE-2023-45776: In CreateAudioBroadcast of broadcaster
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40087 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-40087: In transcodeQ*ToFloat of btif_avrcp_audio_track
In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40083 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-40083: In parse_gap_data of utils
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-45775 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 14:0, < 14:2023-12-01 | 2023-12-01
CVE-2023-45775: In CreateAudioBroadcast of broadcaster
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-45773 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-45773: In multiple functions of btm_ble_gap
In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40080 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-40080: In multiple functions of btm_ble_gap
In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40088 | UNKNOWN | ≥ 14-next:0, < 14-next:2023-12-01; ≥ 13:0, < 13:2023-12-01; +1 more | 2023-12-01
CVE-2023-40088: In callback_thread_event of com_android_bluetooth_btservice_AdapterService
In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40129 | UNKNOWN | ≥ 13:0, < 13:2023-10-01 | 2023-10-01
CVE-2023-40129: In build_read_multi_rsp of gatt_sr
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35666 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 13:0, < 13:2023-09-01 | 2023-09-01
CVE-2023-35666: In bta_av_rc_msg of bta_av_act
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35684 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 13:0, < 13:2023-09-01 | 2023-09-01
CVE-2023-35684: In avdt_msg_asmbl of avdt_msg
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35673 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 13:0, < 13:2023-09-01 | 2023-09-01
CVE-2023-35673: In build_read_multi_rsp of gatt_sr
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35681 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 13:0, < 13:2023-09-01 | 2023-09-01
CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35658 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 13:0, < 13:2023-09-01 | 2023-09-01
CVE-2023-35658: In gatt_process_prep_write_rsp of gatt_cl
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
osv