Lucene search

GoogleOSV:ASB-A-282234870

HistoryDec 01, 2023 - 12:00 a.m.

[Bug 2/2] Potential oob write due to missing bounds check in LeAudioBroadcasterImpl::CreateAudioBroadcast() of bluetooth stack

2023-12-0100:00:00

Google

osv.dev

bluetooth stack

bounds check

local privilege escalation

software

user interaction

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/packages/modules/Bluetooth/+/8e3b3fc918b3ea77754c6d82ab0f09cce81e145b

source.android.com/security/bulletin/2023-12-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-282234870