{"id":"ASB-A-206128341","details":"In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-206128341","CVE-2021-39708"],"modified":"2026-04-21T15:25:42.831358Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-03-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5","signature_type":"Line","signature_version":"v1","id":"ASB-A-206128341-0342fa86","deprecated":false,"target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"line_hashes":["241537502085801979227847084960204315338","277151541307175054926658701605526972917","257953875711511003209061833450533096279","46448234821378032377327957180540795275"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5","signature_type":"Function","signature_version":"v1","id":"ASB-A-206128341-aa3578e5","deprecated":false,"target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_notification"},"digest":{"function_hash":"71700587856236157416993353711427742154","length":2690}}],"types":["EoP"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-206128341.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-03-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4","signature_type":"Function","signature_version":"v1","id":"ASB-A-206128341-10224f0c","deprecated":false,"target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_notification"},"digest":{"function_hash":"71700587856236157416993353711427742154","length":2690}},{"source":"https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4","signature_type":"Line","signature_version":"v1","id":"ASB-A-206128341-645bde93","deprecated":false,"target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"line_hashes":["241537502085801979227847084960204315338","277151541307175054926658701605526972917","257953875711511003209061833450533096279","46448234821378032377327957180540795275"],"threshold":0.9}}],"types":["EoP"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-206128341.json"}}],"schema_version":"1.7.5"}