{"id":"ASB-A-233604485","details":"In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-233604485","CVE-2022-20447"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7281ef11c05226ef0591dab4b6b18af958d260fd"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-11-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ca6cac4996a2a8c5369c646648ccbc49e29658c6"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ca6cac4996a2a8c5369c646648ccbc49e29658c6","id":"ASB-A-233604485-03911f49","signature_version":"v1","target":{"file":"system/stack/pan/pan_api.cc","function":"PAN_WriteBuf"},"digest":{"length":2394,"function_hash":"260155697083554976185382983585275213635"},"deprecated":false,"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ca6cac4996a2a8c5369c646648ccbc49e29658c6","id":"ASB-A-233604485-ea810b08","signature_version":"v1","target":{"file":"system/stack/pan/pan_api.cc"},"digest":{"line_hashes":["77851397837939799812362560667270571489","314643240867363058235971608764278022327","130519389022366491175327310431791576712","52597213690214837673138779270240458075","182103903040077742802185255543840185871","295429756343597966789740385567396952209","236418432111869677280663840886808248516"],"threshold":0.9},"deprecated":false,"signature_type":"Line"}],"spl":"2022-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233604485.json"}}],"schema_version":"1.7.5"}