{"id":"ASB-A-174182139","details":"In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-174182139","CVE-2021-0522"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2021-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-06-01"}]}],"versions":["9"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["298198116241899993833217634389560504667","287012202328669652311876090109824391990","47879640589574822830942397260413806572","201339308334320448245842070676463746924"]},"id":"ASB-A-174182139-1641211b","signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Line","deprecated":false,"target":{"file":"profile/avrcp/connection_handler.cc"}},{"digest":{"threshold":0.9,"line_hashes":["194928598227912554565230997380017534726","77556518358887016562119304689174807795","86632212868385445720299860168464525261","144826320422077285944620029434252398822"]},"id":"ASB-A-174182139-247a05e1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Line","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.h"}},{"digest":{"length":3093,"function_hash":"220432715238360302771225885058009308197"},"id":"ASB-A-174182139-57ecdda1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Function","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.cc","function":"ConnectionHandler::SdpCb"}}],"spl":"2021-06-01","fixes":["https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174182139.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-06-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"length":3093,"function_hash":"220432715238360302771225885058009308197"},"id":"ASB-A-174182139-430a3310","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Function","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.cc","function":"ConnectionHandler::SdpCb"}},{"digest":{"threshold":0.9,"line_hashes":["298198116241899993833217634389560504667","287012202328669652311876090109824391990","47879640589574822830942397260413806572","201339308334320448245842070676463746924"]},"id":"ASB-A-174182139-cef489d9","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Line","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.cc"}},{"digest":{"threshold":0.9,"line_hashes":["194928598227912554565230997380017534726","77556518358887016562119304689174807795","86632212868385445720299860168464525261","144826320422077285944620029434252398822"]},"id":"ASB-A-174182139-ef8ee825","signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84","signature_type":"Line","deprecated":false,"target":{"file":"profile/avrcp/connection_handler.h"}}],"spl":"2021-06-01","fixes":["https://android.googlesource.com/platform/system/bt/+/5160c8d0bad685f7831d47e6048cfcb0998bbc84"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174182139.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-06-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["133622156672709236633488552820528861554","316643902702355795794671798071459542726","157089739734219949707838566518876663940","296190649613492093493013584429836317712"]},"id":"ASB-A-174182139-11481b95","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b","signature_type":"Line","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.h"}},{"digest":{"threshold":0.9,"line_hashes":["298198116241899993833217634389560504667","174298211505879605071222028669227333094","77652035103966742432796253987282744798","329842816619459239744471971419928151750"]},"id":"ASB-A-174182139-6de589a4","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b","signature_type":"Line","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.cc"}},{"digest":{"length":3282,"function_hash":"291147108011544128857938207923043313668"},"id":"ASB-A-174182139-b55a2239","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b","signature_type":"Function","signature_version":"v1","target":{"file":"profile/avrcp/connection_handler.cc","function":"ConnectionHandler::SdpCb"}}],"spl":"2021-06-01","fixes":["https://android.googlesource.com/platform/system/bt/+/71c573ae67b6a15c33ad1036b37b999c54d7236b"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174182139.json"}}],"schema_version":"1.7.5"}