{"id":"ASB-A-174886838","details":"In smp_process_pairing_public_key of smp_act.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-174886838","CVE-2020-26558"],"modified":"2026-04-16T15:14:46.093391Z","published":"2021-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-06-01"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-06-05"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/8106ba379843a3bd17696c902d26c87f690a161a","https://android.googlesource.com/platform/system/bt/+/e11ebfc21963ae905d58c034310efeca0e7cd2ee"],"spl":"2021-06-05","types":["EoP"],"vanir_signatures":[{"deprecated":false,"id":"ASB-A-174886838-0358f436","source":"https://android.googlesource.com/platform/system/bt/+/e11ebfc21963ae905d58c034310efeca0e7cd2ee","signature_version":"v1","digest":{"line_hashes":["289348036503237693750322619088948420833","113250191429836752799163862841550000207","331053960425758225361103257003729814416","207831746164957288629718119238310111947","105776137580159298932102910945176542233","153629461537024825288662060624494105676","153546043420296441568151417159088671690","326845997108222808193591287199879377935"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}},{"deprecated":false,"id":"ASB-A-174886838-c1a2af2a","source":"https://android.googlesource.com/platform/system/bt/+/e11ebfc21963ae905d58c034310efeca0e7cd2ee","signature_version":"v1","digest":{"function_hash":"10132587302424572947966096021116714992","length":453},"signature_type":"Function","target":{"file":"stack/smp/smp_act.cc","function":"smp_process_pairing_public_key"}},{"deprecated":false,"id":"ASB-A-174886838-e2a14b00","source":"https://android.googlesource.com/platform/system/bt/+/e11ebfc21963ae905d58c034310efeca0e7cd2ee","signature_version":"v1","digest":{"line_hashes":["178765149785881186769487389518368390943","236577822987019112761204600727746245732","196014317388040389384885117312020123757","6097093062625899727487674311033857373"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/p_256_ecc_pp.h"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174886838.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-06-05"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5"],"spl":"2021-06-05","types":["EoP"],"vanir_signatures":[{"deprecated":false,"id":"ASB-A-174886838-6e1bd762","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"function_hash":"267944826360575437185293007812731396177","length":790},"signature_type":"Function","target":{"file":"stack/smp/smp_act.cc","function":"smp_process_pairing_public_key"}},{"deprecated":false,"id":"ASB-A-174886838-706f1a2e","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"line_hashes":["198402448972113750827510259342259951210","242367377172592070639873429227192577701","225298528833318638739699273899224148201"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}},{"deprecated":false,"id":"ASB-A-174886838-8c7d9df8","source":"https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5","signature_version":"v1","digest":{"line_hashes":["319301799582430733889182248772501151872","247666890958076284706628938487866211797","160170070655885631779645320617169661402","256438432079725943119149612525856012179"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174886838.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-06-05"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5"],"spl":"2021-06-05","types":["EoP"],"vanir_signatures":[{"deprecated":false,"id":"ASB-A-174886838-48617c8a","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"line_hashes":["198402448972113750827510259342259951210","242367377172592070639873429227192577701","225298528833318638739699273899224148201"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}},{"deprecated":false,"id":"ASB-A-174886838-5b0156a0","source":"https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5","signature_version":"v1","digest":{"line_hashes":["319301799582430733889182248772501151872","247666890958076284706628938487866211797","160170070655885631779645320617169661402","256438432079725943119149612525856012179"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}},{"deprecated":false,"id":"ASB-A-174886838-d53ce1b2","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"function_hash":"267944826360575437185293007812731396177","length":790},"signature_type":"Function","target":{"file":"stack/smp/smp_act.cc","function":"smp_process_pairing_public_key"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174886838.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-06-05"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5"],"spl":"2021-06-05","types":["EoP"],"vanir_signatures":[{"deprecated":false,"id":"ASB-A-174886838-3aa0e47e","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"line_hashes":["198402448972113750827510259342259951210","242367377172592070639873429227192577701","225298528833318638739699273899224148201"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}},{"deprecated":false,"id":"ASB-A-174886838-45720cb4","source":"https://android.googlesource.com/platform/system/bt/+/b7e176df4b9d90dbf8f29678615e6547a6e6d038","signature_version":"v1","digest":{"function_hash":"267944826360575437185293007812731396177","length":790},"signature_type":"Function","target":{"file":"stack/smp/smp_act.cc","function":"smp_process_pairing_public_key"}},{"deprecated":false,"id":"ASB-A-174886838-8b7f9a07","source":"https://android.googlesource.com/platform/system/bt/+/45678238713ba15cca8dd453b992caedf1d43ec5","signature_version":"v1","digest":{"line_hashes":["319301799582430733889182248772501151872","247666890958076284706628938487866211797","160170070655885631779645320617169661402","256438432079725943119149612525856012179"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/smp/smp_act.cc"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-174886838.json"}}],"schema_version":"1.7.5"}