Platform System Bt vulnerabilities

CVE-2022-20461 CVE-2022-20461: In pinReplyNative of com_android_bluetooth_btservice_AdapterService In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20469 CVE-2022-20469: In avct_lcb_msg_asmbl of avct_lcb_act In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20483 CVE-2022-20483: In several functions that parse avrc response in avrc_pars_ct In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20468 CVE-2022-20468: In BNEP_ConnectResp of bnep_api In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20411 CVE-2022-20411: In avdt_msg_asmbl of avdt_msg In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20445 CVE-2022-20445: In process_service_search_rsp of sdp_discovery In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20410 CVE-2022-20410: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20345 CVE-2022-20345: In l2cble_process_sig_cmd of l2c_ble In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20361 CVE-2022-20361: In btif_dm_auth_cmpl_evt of btif_dm In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20229 CVE-2022-20229: In bta_hf_client_handle_cind_list_item of bta_hf_client_at In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20222 CVE-2022-20222: In read_attr_value of gatt_db In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20224 CVE-2022-20224: In AT_SKIP_REST of bta_hf_client_at In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20221 CVE-2022-20221: In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20140 CVE-2022-20140: In read_multi_rsp of gatt_sr In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20010 CVE-2022-20010: In l2cble_process_sig_cmd of l2c_ble In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39809 CVE-2021-39809: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39805 CVE-2021-39805: In l2cble_process_sig_cmd of l2c_ble In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39708 CVE-2021-39708: In gatt_process_notification of gatt_cl In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39674 CVE-2021-39674: In btm_sec_connected and btm_sec_disconnected of btm_sec In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-1022 CVE-2021-1022: In btif_in_hf_client_generic_evt of btif_hf_client In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.