{"id":"ASB-A-251514170","details":"In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-251514170","CVE-2024-34722"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/317b4e293cefe18fe8c58c1de0c4a6741bd05629"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6ad3d749f7f632787f29710ce23736e10d2969bf"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52","target":{"file":"system/stack/smp/smp_act.cc","function":"smp_proc_rand"},"id":"ASB-A-251514170-3fbe783e","digest":{"length":352,"function_hash":"321571789285904334492730743639956922213"},"signature_type":"Function","signature_version":"v1","deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52","target":{"file":"system/stack/smp/smp_act.cc","function":"smp_send_confirm"},"id":"ASB-A-251514170-a2866d9a","digest":{"length":155,"function_hash":"310836050937169455387554377117328168799"},"signature_type":"Function","signature_version":"v1","deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/eaa367379e0f08d5ab3167ac49136343e0c87e52","id":"ASB-A-251514170-f93c8a46","digest":{"line_hashes":["76016990345088518128060597595811943963","302590340112657390498622356868910682549","223964831944845757341067812058928167970","199893950464949796952010713464199678017","63269745553648631491921231036164254688","133178774613934554449228570743171422198","235887221604097201012289294919459199777"],"threshold":0.9},"target":{"file":"system/stack/smp/smp_act.cc"},"signature_type":"Line","signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251514170.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-01-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","fixes":["https://android.googlesource.com/platform/system/bt/+/8a3dbadc71428a30b172a74343be08498c656747","https://android.googlesource.com/platform/system/bt/+/f1ecd2dc34a536ccc7abe059df4619681d0a94d4"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251514170.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/bt/+/8a3dbadc71428a30b172a74343be08498c656747","https://android.googlesource.com/platform/system/bt/+/f1ecd2dc34a536ccc7abe059df4619681d0a94d4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251514170.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-01-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"],"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99","signature_version":"v1","digest":{"length":315,"function_hash":"148493323041777107474347058736277815724"},"id":"ASB-A-251514170-3cd93d2b","signature_type":"Function","target":{"file":"system/stack/smp/smp_act.cc","function":"smp_proc_rand"},"deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","target":{"file":"system/stack/smp/smp_act.cc","function":"smp_send_confirm"},"id":"ASB-A-251514170-c980456e","digest":{"length":125,"function_hash":"74918214093950259196396537407830598564"},"signature_type":"Function","signature_version":"v1","deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","id":"ASB-A-251514170-de456c9d","digest":{"line_hashes":["284655167967645119513794050319058262760","35807173110219351575438918942900306764","269924315002217808095667220357498707577","321499543104801346490054998121629800662","63269745553648631491921231036164254688","133178774613934554449228570743171422198","244876469753238988165122585518203483916"],"threshold":0.9},"target":{"file":"system/stack/smp/smp_act.cc"},"signature_type":"Line","signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251514170.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-01-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99"],"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","id":"ASB-A-251514170-173410c4","digest":{"line_hashes":["284655167967645119513794050319058262760","35807173110219351575438918942900306764","269924315002217808095667220357498707577","321499543104801346490054998121629800662","63269745553648631491921231036164254688","133178774613934554449228570743171422198","244876469753238988165122585518203483916"],"threshold":0.9},"target":{"file":"system/stack/smp/smp_act.cc"},"signature_type":"Line","signature_version":"v1","deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7beac6cb722196248e321ed12dfcff68973f2e99","signature_version":"v1","digest":{"length":315,"function_hash":"148493323041777107474347058736277815724"},"id":"ASB-A-251514170-9fe7d910","signature_type":"Function","target":{"file":"system/stack/smp/smp_act.cc","function":"smp_proc_rand"},"deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a3fcd487c799d5d9029b8646159a0b10143d97","digest":{"length":125,"function_hash":"74918214093950259196396537407830598564"},"target":{"file":"system/stack/smp/smp_act.cc","function":"smp_send_confirm"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-251514170-a86bebf3","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251514170.json"}}],"schema_version":"1.7.5"}