{"id":"ASB-A-220732646","details":"In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-220732646","CVE-2022-20224"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/7c21b56b7880579965e95cf24c2ab49326a3f2b9"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-07-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/4ce5a3c374fb5d24f367a202a6a3dcab4ba4dffd"],"severity":"High","types":["ID"],"spl":"2022-07-01","vanir_signatures":[{"deprecated":false,"target":{"file":"bta/hf_client/bta_hf_client_at.cc"},"id":"ASB-A-220732646-f20bc708","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["205516247379723093190107529820985818835","284698599951166404841017736866893809950","23181201197599775582528491043066744012","327095647922658433065392263037062196298","129786613184741619539432120699389574637"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/4ce5a3c374fb5d24f367a202a6a3dcab4ba4dffd"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-220732646.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-07-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/863a0f417f6358892783860e08bf093d027764cf"],"severity":"High","types":["ID"],"spl":"2022-07-01","vanir_signatures":[{"deprecated":false,"target":{"file":"bta/hf_client/bta_hf_client_at.cc"},"id":"ASB-A-220732646-661c8e23","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["205516247379723093190107529820985818835","284698599951166404841017736866893809950","23181201197599775582528491043066744012","327095647922658433065392263037062196298","129786613184741619539432120699389574637"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/863a0f417f6358892783860e08bf093d027764cf"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-220732646.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-07-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/45d32366dc9770e41ca2110537fef076f98a4c5a"],"severity":"High","types":["ID"],"spl":"2022-07-01","vanir_signatures":[{"deprecated":false,"target":{"file":"bta/hf_client/bta_hf_client_at.cc"},"id":"ASB-A-220732646-46e3b7e1","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["205516247379723093190107529820985818835","284698599951166404841017736866893809950","23181201197599775582528491043066744012","327095647922658433065392263037062196298","129786613184741619539432120699389574637"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/45d32366dc9770e41ca2110537fef076f98a4c5a"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-220732646.json"}}],"schema_version":"1.7.5"}