{"id":"ASB-A-231161832","details":"In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to a weakness in the Bluetooth standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-231161832","CVE-2022-20361"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/6ad3f69b2199d953647e1053e8de2a8c26f1b8d6"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fe358db0055e04ce779760a4af7127b62ef1f4fa"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-08-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-08-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/21df1076a4b9c1d1bbe3f5ecb475fe0b7c1b8c2a"],"vanir_signatures":[{"id":"ASB-A-231161832-4a8dabc8","signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/21df1076a4b9c1d1bbe3f5ecb475fe0b7c1b8c2a","digest":{"threshold":0.9,"line_hashes":["155913144021378683436155797221628687420","171637098634629174589416245080161450766","155717385054888379048271655893029346988","46643993917118570152881840902373659619","7154684571415361070313675271200547726","64196000651627500630870698709013979691","237515720733202254667559770393489400365","299898572284227807643383709872175108567","312292796004805039980542919484067449510","105922491511705293652491594246266023139","300839439507607119005412988824370853381","321893301638270271118140534282829262887","309485616464083531898752752851898369381"
]}},{"id":"ASB-A-231161832-ef2ec400","signature_type":"Function","deprecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc","function":"btif_dm_auth_cmpl_evt"},"source":"https://android.googlesource.com/platform/system/bt/+/21df1076a4b9c1d1bbe3f5ecb475fe0b7c1b8c2a","digest":{"length":4354,"function_hash":"339222158557441203393941650598524772152"}}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-231161832.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-08-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-08-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/d9a9f9aaecd5bc46827b40db5a2e5745056440fd"],"vanir_signatures":[{"id":"ASB-A-231161832-43cc56b5","signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/d9a9f9aaecd5bc46827b40db5a2e5745056440fd","digest":{"threshold":0.9,"line_hashes":["281038502249986630575748519143314696849","72197688718750751391239254819225338042","338918488766901507058381519227265327981","20759972281627573174124764572275216719","311418104710480438400218884651805836658","7154684571415361070313675271200547726","35847011711488605409754092891423926885","35876981577700395519483766362007945250","74793239645793207235314766573288209278","89942994437809222703622311834297087568","180115128368971591478332975000459982295","201715510797139776704144394770091320084","139085585212593830798429066256726099793","97662045186069946370174839789910839851","279796299712718262204248636763671731527","233433545915128667687598604890310512647"]}},{"id":"ASB-A-231161832-c944f133","signature_type":"Function","deprecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc","function":"btif_dm_auth_cmpl_evt"},"source":"https://
android.googlesource.com/platform/system/bt/+/d9a9f9aaecd5bc46827b40db5a2e5745056440fd","digest":{"length":4537,"function_hash":"73689322892524819627989823368260004637"}}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-231161832.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-08-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-08-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/b0d24fcd940993c518f92b0ee4df5742b95dcfc4"],"vanir_signatures":[{"id":"ASB-A-231161832-27d61c0a","signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/b0d24fcd940993c518f92b0ee4df5742b95dcfc4","digest":{"threshold":0.9,"line_hashes":["222836440643992615353875424033600584071","232618286195615997000739277470485005742","213456899501931352574478292603151719957","231244916165462127494072958874732629115","186279845419743164384933534640996078815","11467096402748902967664410109067256570","1690482776887522843859492503434578577","11648869612130042197703327793807419762","82274207637916328501549683180612018960","7154684571415361070313675271200547726","159196903491874675396552078808025489266","296851379831879485199039643506728385480","52176092958150272323088281254917330906","218381473694905084969775577694333507656","180993196266607633012710558205714375435","30984294342602684712967291352240254310","125461633491760122188030886933493096655","144678437641515801717708615157457148359","267238091813756161768399101085681583674","212380816164120271258999546627855341624","218381473694905084969775577694333507656","312440967877922871926599967687015713453","313673972089025565756260425137054106040","23639857049730241874146425438170274714"]}},{"id":"ASB-A-231161832-6715e9bc","signature_type":"Function","depr
ecated":false,"signature_version":"v1","target":{"file":"btif/src/btif_dm.cc","function":"btif_dm_auth_cmpl_evt"},"source":"https://android.googlesource.com/platform/system/bt/+/b0d24fcd940993c518f92b0ee4df5742b95dcfc4","digest":{"length":4954,"function_hash":"170726132245754375231028467631209869703"}}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-231161832.json"}}],"schema_version":"1.7.5"}