Lucene search

GoogleOSV:ASB-A-212694559

HistoryApr 01, 2022 - 12:00 a.m.

[Potential OOB read in Bluetooth L2CAP]

2022-04-0100:00:00

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

20.1%

JSON

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/system/bteq12L
platform/system/bteq12

CPE	Name	Operator	Version
	platform/system/bt	eq	12L
	platform/system/bt	eq	12

References

android.googlesource.com/platform/system/bt/+/1e38a411e70f7f9fa6b78e4e75479e818f20e401

source.android.com/security/bulletin/2022-04-01

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

20.1%

JSON

Related for OSV:ASB-A-212694559