{"id":"ASB-A-228450451","details":"In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-228450451","CVE-2022-20468"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"],"vanir_signatures":[{"target":{"file":"stack/bnep/bnep_api.cc"},"signature_type":"Line","id":"ASB-A-228450451-38d4fb4b","digest":{"threshold":0.9,"line_hashes":["19615635629939757925767189986436799647","207990587364688167640515750653759914052","274620203780754120125403676728619555520","32405815071143783313761956769936829827"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"},{"target":{"file":"stack/bnep/bnep_api.cc","function":"BNEP_ConnectResp"},"signature_type":"Function","id":"ASB-A-228450451-d362a3a4","digest":{"length":1562,"function_hash":"251628678351054005449541836964376859324"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"}],"types":["ID"],"spl":"2022-12-01","severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450451.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-12-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"],"vanir_signatures":[{"target":{"file":"stack/bnep/bnep_api.cc"},"signature_type":"Line","id":"ASB-A-228450451-27e16e04","digest":{"threshold":0.9,"line_hashes":["19615635629939757925767189986436799647","207990587364688167640515750653759914052","274620203780754120125403676728619555520","32405815071143783313761956769936829827"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"},{"target":{"file":"stack/bnep/bnep_api.cc","function":"BNEP_ConnectResp"},"signature_type":"Function","id":"ASB-A-228450451-2bd73671","digest":{"length":1562,"function_hash":"251628678351054005449541836964376859324"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"}],"types":["ID"],"spl":"2022-12-01","severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450451.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"],"vanir_signatures":[{"target":{"file":"stack/bnep/bnep_api.cc"},"signature_type":"Line","id":"ASB-A-228450451-4fcbe8a0","digest":{"threshold":0.9,"line_hashes":["19615635629939757925767189986436799647","207990587364688167640515750653759914052","274620203780754120125403676728619555520","32405815071143783313761956769936829827"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"},{"target":{"file":"stack/bnep/bnep_api.cc","function":"BNEP_ConnectResp"},"signature_type":"Function","id":"ASB-A-228450451-4ffc2e49","digest":{"length":1562,"function_hash":"251628678351054005449541836964376859324"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"}],"types":["ID"],"spl":"2022-12-01","severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450451.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"],"vanir_signatures":[{"target":{"file":"system/stack/bnep/bnep_api.cc","function":"BNEP_ConnectResp"},"signature_type":"Function","id":"ASB-A-228450451-64dcb2f6","digest":{"length":1538,"function_hash":"134753087569954871622545896418553395064"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"},{"target":{"file":"system/stack/bnep/bnep_api.cc"},"signature_type":"Line","id":"ASB-A-228450451-8be034e1","digest":{"threshold":0.9,"line_hashes":["19615635629939757925767189986436799647","207990587364688167640515750653759914052","274620203780754120125403676728619555520","32405815071143783313761956769936829827"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"}],"types":["ID"],"spl":"2022-12-01","severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450451.json"}}],"schema_version":"1.7.5"}