{"id":"ASB-A-242535997","details":"In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-242535997","CVE-2023-20931"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/789d4bc617da23dc86d288c53c80a242d3a6850f"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-03-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"system/stack/avdt/avdt_scb_act.cc"},"digest":{"line_hashes":["144940686777104710571966521297968008422","219232503302018254571802627114048278085","269556321489143915640961737916683630537","46125424436412511154327772841996970179"],"threshold":0.9},"deprecated":false,"id":"ASB-A-242535997-6572e876","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/be058b1eb979599c7d515463a1e9f7ec1b2344c4","signature_type":"Line"},{"target":{"function":"avdt_scb_hdl_write_req","file":"system/stack/avdt/avdt_scb_act.cc"},"digest":{"length":925,"function_hash":"21316893359240151507608382100880029294"},"deprecated":false,"id":"ASB-A-242535997-bc283278","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/be058b1eb979599c7d515463a1e9f7ec1b2344c4","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/be058b1eb979599c7d515463a1e9f7ec1b2344c4"],"types":["EoP"],"spl":"2023-03-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242535997.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-03-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"target":{"function":"avdt_scb_hdl_write_req","file":"stack/avdt/avdt_scb_act.cc"},"digest":{"length":925,"function_hash":"21316893359240151507608382100880029294"},"deprecated":false,"id":"ASB-A-242535997-a9ab0d67","signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/eca4a3cdb0da240496341f546a57397434ec85dd","signature_type":"Function"},{"target":{"file":"stack/avdt/avdt_scb_act.cc"},"digest":{"line_hashes":["144940686777104710571966521297968008422","219232503302018254571802627114048278085","269556321489143915640961737916683630537","46125424436412511154327772841996970179"],"threshold":0.9},"deprecated":false,"id":"ASB-A-242535997-db40fffd","signature_version":"v1","source":"https://android.googlesource.com/platform/system/bt/+/eca4a3cdb0da240496341f546a57397434ec85dd","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/eca4a3cdb0da240496341f546a57397434ec85dd"],"types":["EoP"],"spl":"2023-03-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242535997.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"target":{"function":"avdt_scb_hdl_write_req","file":"system/stack/avdt/avdt_scb_act.cc"},"digest":{"length":925,"function_hash":"21316893359240151507608382100880029294"},"deprecated":false,"id":"ASB-A-242535997-ae3001ab","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/789d4bc617da23dc86d288c53c80a242d3a6850f","signature_type":"Function"},{"target":{"file":"system/stack/avdt/avdt_scb_act.cc"},"digest":{"line_hashes":["144940686777104710571966521297968008422","219232503302018254571802627114048278085","269556321489143915640961737916683630537","46125424436412511154327772841996970179"],"threshold":0.9},"deprecated":false,"id":"ASB-A-242535997-ee4fddd8","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/789d4bc617da23dc86d288c53c80a242d3a6850f","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/789d4bc617da23dc86d288c53c80a242d3a6850f"],"types":["EoP"],"spl":"2023-03-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242535997.json"}}],"schema_version":"1.7.5"}