Crash in com.google.android.bluetooth - HWAddressSanitizer: tag-mismatch on address 0x004a0315be00 at pc 0x007319f2eda8

2023-12-0100:00:00

Google

osv.dev

com.google.android.bluetooth

memory corruption

remote code execution

android

bluetooth

security vulnerability

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/modules/bluetootheq14
platform/packages/modules/bluetootheq12
platform/packages/modules/bluetootheq11
platform/packages/modules/bluetootheq12L
platform/packages/modules/bluetootheq13

Name	Operator	Version
platform/packages/modules/bluetooth	eq	14
platform/packages/modules/bluetooth	eq	12
platform/packages/modules/bluetooth	eq	11
platform/packages/modules/bluetooth	eq	12L
platform/packages/modules/bluetooth	eq	13