Lucene search

GoogleOSV:ASB-A-230494481

HistoryAug 01, 2022 - 12:00 a.m.

[OOB write in L2CAP Bluetooth stack]

2022-08-0100:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/system/bteq12L
platform/packages/modules/bluetootheq12
platform/system/bteq12
platform/packages/modules/bluetootheq12L

Name	Operator	Version
platform/system/bt	eq	12L
platform/packages/modules/bluetooth	eq	12
platform/system/bt	eq	12
platform/packages/modules/bluetooth	eq	12L

References

android.googlesource.com/platform/packages/modules/Bluetooth/+/0b7fe01dd050fa4155b1cd802d901b4c9eccdfef

android.googlesource.com/platform/system/bt/+/e0dd01b536919d5407968eae341b72fa10ec0b7d

source.android.com/security/bulletin/2022-08-01

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for OSV:ASB-A-230494481