Platform Packages Modules Bluetooth vulnerabilities

CVE-2023-20986 CVE-2023-20986: In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20991 CVE-2023-20991: In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21195 CVE-2023-21195: In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20981 CVE-2023-20981: In btu_ble_rc_param_req_evt of btu_hcif In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21130 CVE-2023-21130: In btm_ble_periodic_adv_sync_lost of btm_ble_gap In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21197 CVE-2023-21197: In btm_acl_process_sca_cmpl_pkt of btm_acl In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20984 CVE-2023-20984: In ParseBqrLinkQualityEvt of btif_bqr In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21199 CVE-2023-21199: In btu_ble_proc_ltk_req of btu_hcif In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20977 CVE-2023-20977: In btm_ble_read_remote_features_complete of btm_ble_gap In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21200 CVE-2023-21200: In on_remove_iso_data_path of btm_iso_impl In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20979 CVE-2023-20979: In GetNextSourceDataPacket of bta_av_co In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21190 CVE-2023-21190: In btm_acl_encrypt_change of btm_acl In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21194 CVE-2023-21194: In gatt_dbg_op_name of gatt_utils In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21108 CVE-2023-21108: In sdpu_build_uuid_seq of sdp_discovery In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21096 CVE-2023-21096: In OnWakelockReleased of attribution_processor In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21080 CVE-2023-21080: In register_notification_rsp of btif_rc In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20967 CVE-2023-20967: In avdt_scb_hdl_pkt_no_frag of avdt_scb_act In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20952 CVE-2023-20952: In A2DP_BuildCodecHeaderSbc of a2dp_sbc In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20954 CVE-2023-20954: In SDP_AddAttribute of sdp_db In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20951 CVE-2023-20951: In gatt_process_prep_write_rsp of gatt_cl In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.