Platform Packages Modules Bluetooth vulnerabilities

CVE-2023-20931 CVE-2023-20931: In avdt_scb_hdl_write_req of avdt_scb_act In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20467 CVE-2022-20467: In isBluetoothShareUri of BluetoothOppUtility In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-20936 CVE-2023-20936: In bta_av_rc_disc_done of bta_av_act In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20461 CVE-2022-20461: In pinReplyNative of com_android_bluetooth_btservice_AdapterService In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20552 CVE-2022-20552: In btif_a2dp_sink_command_ready of btif_a2dp_sink In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20469 CVE-2022-20469: In avct_lcb_msg_asmbl of avct_lcb_act In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20521 CVE-2022-20521: In sdpu_find_most_specific_service_uuid of sdp_utils In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20483 CVE-2022-20483: In several functions that parse avrc response in avrc_pars_ct In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20468 CVE-2022-20468: In BNEP_ConnectResp of bnep_api In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20547 CVE-2022-20547: In multiple functions of AdapterService In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20411 CVE-2022-20411: In avdt_msg_asmbl of avdt_msg In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20445 CVE-2022-20445: In process_service_search_rsp of sdp_discovery In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20447 CVE-2022-20447: In PAN_WriteBuf of pan_api In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20410 CVE-2022-20410: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39673 CVE-2021-39673: In bta_dm_remove_device of bta_dm_act In bta_dm_remove_device of bta_dm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20133 CVE-2022-20133: In setDiscoverableTimeout of AdapterService In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20126 CVE-2022-20126: In setScanMode of AdapterService In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20207 CVE-2022-20207: In TBD of GattDebugUtils In TBD of GattDebugUtils.java, there is a possible permission bypass due to accidentally enabling debug_admin . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20140 CVE-2022-20140: In read_multi_rsp of gatt_sr In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.