{"id":"ASB-A-201083442","details":"In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-201083442","CVE-2021-39674"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/eeefcc7c75af2f41caba0de0175d3d843c4e882f"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-02-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-02-01","vanir_signatures":[{"id":"ASB-A-201083442-1b29831b","source":"https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98","signature_version":"v1","digest":{"function_hash":"122004041837697648258448318484223466279","length":2932},"signature_type":"Function","deprecated":false,"target":{"function":"btm_sec_disconnected","file":"stack/btm/btm_sec.cc"}},{"id":"ASB-A-201083442-49f83b77","source":"https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98","signature_version":"v1","digest":{"function_hash":"48152161687422866557800725042663174574","length":6878},"signature_type":"Function","deprecated":false,"target":{"function":"btm_sec_connected","file":"stack/btm/btm_sec.cc"}},{"id":"ASB-A-201083442-5d9eae03","source":"https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["297368654972908621836918557900222963549","332322776207264410706621514063170894526","338335156206453636038296674831092072979","304783868903325475174910602552010287361","237584898535526165343205144234369001840","182461076222023272195598206281586249700","225770881008579576306811599978284230743","157159581754704635677698335972200630708","261046882585634627809982276669943056732","170262317928811187330531501478672008062","90216770933488751888883760906353042346","293663843391815631228309343007137271692","79779840663977586246070583226410737972","98096397884023612276246776154760033515"]},"signature_type":"Line","deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/bt/+/4f3fdf141b248cacd7c7dd09c06d058931726c98"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-201083442.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-02-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-02-01","vanir_signatures":[{"id":"ASB-A-201083442-08db4922","source":"https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915","signature_version":"v1","digest":{"function_hash":"76536728077887636859201998616180283151","length":6923},"signature_type":"Function","deprecated":false,"target":{"function":"btm_sec_connected","file":"stack/btm/btm_sec.cc"}},{"id":"ASB-A-201083442-b8128c5a","source":"https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["297368654972908621836918557900222963549","332322776207264410706621514063170894526","338335156206453636038296674831092072979","304783868903325475174910602552010287361","237584898535526165343205144234369001840","182461076222023272195598206281586249700","225770881008579576306811599978284230743","157159581754704635677698335972200630708","261046882585634627809982276669943056732","170262317928811187330531501478672008062","90216770933488751888883760906353042346","293663843391815631228309343007137271692","79779840663977586246070583226410737972","98096397884023612276246776154760033515"]},"signature_type":"Line","deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"}},{"id":"ASB-A-201083442-fcb3b15a","source":"https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915","signature_version":"v1","digest":{"function_hash":"122004041837697648258448318484223466279","length":2932},"signature_type":"Function","deprecated":false,"target":{"function":"btm_sec_disconnected","file":"stack/btm/btm_sec.cc"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/bt/+/c08175b5f15b161a6ba1444e1071e92b03552915"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-201083442.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-02-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-02-01","vanir_signatures":[{"id":"ASB-A-201083442-4651c542","source":"https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["94915954982532662455959577836117386052","250075224066749656933134517146766345018","284970515002573275106766199300817928614","40005642885998785701529236771374408111","193315777554132242213806373007094154933","277305767727037183007718502432299055794","274509028261151890536959334243696074865"]},"signature_type":"Line","deprecated":false,"target":{"file":"stack/btm/btm_sec.cc"}},{"id":"ASB-A-201083442-521c2e50","source":"https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4","signature_version":"v1","digest":{"function_hash":"264728479579913994476960157247978928619","length":6149},"signature_type":"Function","deprecated":false,"target":{"function":"btm_sec_connected","file":"stack/btm/btm_sec.cc"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/bt/+/ea8501068cc35af7aa5945e9b066130f02dc06a4"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-201083442.json"}}],"schema_version":"1.7.5"}