{"id":"ASB-A-213519176","details":"In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-213519176","CVE-2022-20010"],"modified":"2026-04-24T15:37:38.793646Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/2dceafe75bda383e609910b3c882a155a32584af"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"function_hash":"66384597321222302059653465565508107849","length":15253},"signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c","target":{"function":"l2cble_process_sig_cmd","file":"stack/l2cap/l2c_ble.cc"},"signature_type":"Function","id":"ASB-A-213519176-10e763c0","deprecated":false},{"digest":{"line_hashes":["93806745416747169019900065717920985461","147032250423540864756636254208448098760","262545177973303395066338178195281075998","296716890037747899860041690233153801793"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c","target":{"file":"stack/l2cap/l2c_ble.cc"},"signature_type":"Line","id":"ASB-A-213519176-333947e6","deprecated":false}],"spl":"2022-05-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213519176.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"function_hash":"66384597321222302059653465565508107849","length":15253},"signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c","target":{"function":"l2cble_process_sig_cmd","file":"stack/l2cap/l2c_ble.cc"},"signature_type":"Function","id":"ASB-A-213519176-8aaa36f4","deprecated":false},{"digest":{"line_hashes":["93806745416747169019900065717920985461","147032250423540864756636254208448098760","262545177973303395066338178195281075998","296716890037747899860041690233153801793"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c","target":{"file":"stack/l2cap/l2c_ble.cc"},"signature_type":"Line","id":"ASB-A-213519176-b8e4f7c1","deprecated":false}],"spl":"2022-05-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/ed4b512d2b3d45151b7f70e4c8c60b1a052a5d7c"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213519176.json"}}],"schema_version":"1.7.5"}