{"id":"ASB-A-162497143","details":"In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-162497143","CVE-2020-0449"],"modified":"2026-04-21T15:25:42.831358Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/46bdf4d4145ee022c48b71c30ba5fd45324f796a"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249772947756894727392887710939368535576","248664681227693269870639686329578771093","204938982121898345627514870929907191075","195313446493060147881271030988516681257"]},"signature_version":"v1","id":"ASB-A-162497143-8d8eea24"},{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Function","digest":{"function_hash":"336946547496498273731615258106979727699","length":2854},"signature_version":"v1","id":"ASB-A-162497143-ef4ed2bd"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-11-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["38693037265298699250803535887493619439","315234496427818661395821925732807007606","270885058720057633544048845857587599969","256197269163269374029381615797948216232"]},"signature_version":"v1","id":"ASB-A-162497143-26d4447f"},{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577","signature_type":"Function","digest":{"function_hash":"284210671789151899952028304442543332172","length":2761},"signature_version":"v1","id":"ASB-A-162497143-29dd4bd1"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-11-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577","signature_type":"Function","digest":{"function_hash":"284210671789151899952028304442543332172","length":2761},"signature_version":"v1","id":"ASB-A-162497143-20799313"},{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["38693037265298699250803535887493619439","315234496427818661395821925732807007606","270885058720057633544048845857587599969","256197269163269374029381615797948216232"]},"signature_version":"v1","id":"ASB-A-162497143-4ee91ee5"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-11-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249772947756894727392887710939368535576","248664681227693269870639686329578771093","204938982121898345627514870929907191075","195313446493060147881271030988516681257"]},"signature_version":"v1","id":"ASB-A-162497143-497c4306"},{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Function","digest":{"function_hash":"336946547496498273731615258106979727699","length":2854},"signature_version":"v1","id":"ASB-A-162497143-c3b5cba0"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249772947756894727392887710939368535576","248664681227693269870639686329578771093","204938982121898345627514870929907191075","195313446493060147881271030988516681257"]},"signature_version":"v1","id":"ASB-A-162497143-a93d82b1"},{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Function","digest":{"function_hash":"336946547496498273731615258106979727699","length":2854},"signature_version":"v1","id":"ASB-A-162497143-f2b68525"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-11-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"stack/btm/btm_sec.cc","function":"btm_sec_disconnected"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Function","digest":{"function_hash":"336946547496498273731615258106979727699","length":2854},"signature_version":"v1","id":"ASB-A-162497143-2cec00ea"},{"target":{"file":"stack/btm/btm_sec.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249772947756894727392887710939368535576","248664681227693269870639686329578771093","204938982121898345627514870929907191075","195313446493060147881271030988516681257"]},"signature_version":"v1","id":"ASB-A-162497143-8b410412"}],"spl":"2020-11-01","fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"],"severity":"Critical","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162497143.json"}}],"schema_version":"1.7.5"}