{"id":"ASB-A-205571133","details":"In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-205571133","CVE-2022-20221"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/9e39fc68e82739dbd9f7403de244959ac7d54d2d"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-07-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","target":{"function":"avrc_ctrl_pars_vendor_cmd","file":"stack/avrc/avrc_pars_tg.cc"},"signature_type":"Function","deprecated":false,"digest":{"function_hash":"305541395741595188649213172767164191469","length":1145},"id":"ASB-A-205571133-13a14f9d","signature_version":"v1"},{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","id":"ASB-A-205571133-f06cccd7","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["106952868721422034315462922253755098583","28300491369943993044912096071713369607","76663596602709785475083046558638226071"],"threshold":0.9},"target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"],"spl":"2022-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205571133.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-07-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-07-01","severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","target":{"function":"avrc_ctrl_pars_vendor_cmd","file":"stack/avrc/avrc_pars_tg.cc"},"signature_type":"Function","deprecated":false,"digest":{"function_hash":"305541395741595188649213172767164191469","length":1145},"id":"ASB-A-205571133-26e4438e","signature_version":"v1"},{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_type":"Line","deprecated":false,"digest":{"line_hashes":["106952868721422034315462922253755098583","28300491369943993044912096071713369607","76663596602709785475083046558638226071"],"threshold":0.9},"id":"ASB-A-205571133-aba04606","signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205571133.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-07-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_type":"Line","deprecated":false,"digest":{"line_hashes":["106952868721422034315462922253755098583","28300491369943993044912096071713369607","76663596602709785475083046558638226071"],"threshold":0.9},"id":"ASB-A-205571133-43122021","signature_version":"v1"},{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","deprecated":false,"signature_type":"Function","target":{"function":"avrc_ctrl_pars_vendor_cmd","file":"stack/avrc/avrc_pars_tg.cc"},"digest":{"function_hash":"305541395741595188649213172767164191469","length":1145},"id":"ASB-A-205571133-d3718ba1","signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"],"spl":"2022-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205571133.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","id":"ASB-A-205571133-a4a5d5b8","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["106952868721422034315462922253755098583","28300491369943993044912096071713369607","76663596602709785475083046558638226071"],"threshold":0.9},"target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"},{"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3","signature_type":"Function","id":"ASB-A-205571133-ccad02db","digest":{"function_hash":"305541395741595188649213172767164191469","length":1145},"target":{"function":"avrc_ctrl_pars_vendor_cmd","file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"}],"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"],"spl":"2022-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205571133.json"}}],"schema_version":"1.7.5"}