Lucene search

GoogleOSV:ASB-A-273874525

HistoryOct 01, 2023 - 12:00 a.m.

[Bluetooth][GATT] build_read_multi_rsp underflow lead to OOB Write

2023-10-0100:00:00

Google

osv.dev

bluetooth

gatt

buffer overflow

oob write

code execution

remote

heap overflow

software security

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/modules/bluetootheq13
platform/packages/modules/bluetootheq12
platform/packages/modules/bluetootheq12L

Name	Operator	Version
platform/packages/modules/bluetooth	eq	13
platform/packages/modules/bluetooth	eq	12
platform/packages/modules/bluetooth	eq	12L

References

android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1

source.android.com/security/bulletin/2023-10-01

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for OSV:ASB-A-273874525