{"id":"ASB-A-174626251","details":"In btm_sec_pin_code_request of btm_sec.cc, there is a possible bypass of Bluetooth pairing pin-code due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-174626251","CVE-2020-26555"],"modified":"2026-04-10T16:16:18.068628Z","published":"2021-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-06-05"}]}],"versions":["8.1"],"ecosystem_specific":{"spl":"2021-06-05","vanir_signatures":[{"digest":{"function_hash":"117522492611733658184686534748013412627","length":2772},"deprecated":false,"target":{"function":"btm_sec_pin_code_request","file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-830530bd","signature_type":"Function","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"},{"digest":{"threshold":0.9,"line_hashes":["79726622876041249932064418107909516195","252131964306837731021115021591324896017","336788034664205411058133138154760230453"]},"deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-c4e6adf7","signature_type":"Line","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174626251.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-06-05"}]}],"versions":["9"],"ecosystem_specific":{"spl":"2021-06-05","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["79726622876041249932064418107909516195","252131964306837731021115021591324896017","336788034664205411058133138154760230453"]},"deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-5de9f4fb","signature_type":"Line","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"},{"digest":{"function_hash":"117522492611733658184686534748013412627","length":2772},"deprecated":false,"target":{"function":"btm_sec_pin_code_request","file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-b6136e2a","signature_type":"Function","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174626251.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-06-05"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2021-06-05","vanir_signatures":[{"digest":{"function_hash":"117522492611733658184686534748013412627","length":2772},"deprecated":false,"target":{"function":"btm_sec_pin_code_request","file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-3c862cbc","signature_type":"Function","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"},{"digest":{"threshold":0.9,"line_hashes":["79726622876041249932064418107909516195","252131964306837731021115021591324896017","336788034664205411058133138154760230453"]},"deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-5a29055a","signature_type":"Line","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174626251.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-06-05"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2021-06-05","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["79726622876041249932064418107909516195","252131964306837731021115021591324896017","336788034664205411058133138154760230453"]},"deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-2e0e80c2","signature_type":"Line","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"},{"digest":{"function_hash":"117522492611733658184686534748013412627","length":2772},"deprecated":false,"target":{"function":"btm_sec_pin_code_request","file":"stack/btm/btm_sec.cc"},"signature_version":"v1","id":"ASB-A-174626251-33dbd7e7","signature_type":"Function","source":"https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/374bb0401a5649af4a97e8d8c7373c7daf37f6ac"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174626251.json"}}],"schema_version":"1.7.5"}