{"id":"ASB-A-274478807","details":"In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-274478807","CVE-2023-40090"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495417bd068c35de0729d9a332639bd0699153ff"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","target":{"file":"system/stack/btm/btm_ble.cc"},"id":"ASB-A-274478807-7d385009","signature_type":"Line","digest":{"line_hashes":["73604053638893654442075446677088485044","282059303716900127485036754162182556256","217706887452652472909775799195184585659","115226672382767376581534584658274644606","310695147471039599526984977300380065240","55480721152862074085235881525030013126","245145732093958882139270013324568634314","223569041101689020007613077388764483895","71874906898404393574206338313885779023","36445870366340891229985690735977164152","61195958099683017752557694320560501319","164740465748603696628054194055557693252","173240706905291627675062426793424631335"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7a960ac1c0cbc6d3949b6eaa7a86302a0b20c04f"}],"spl":"2023-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7a960ac1c0cbc6d3949b6eaa7a86302a0b20c04f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274478807.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"line_hashes":["73604053638893654442075446677088485044","282059303716900127485036754162182556256","217706887452652472909775799195184585659","115226672382767376581534584658274644606","310695147471039599526984977300380065240","55480721152862074085235881525030013126","245145732093958882139270013324568634314","223569041101689020007613077388764483895","71874906898404393574206338313885779023","36445870366340891229985690735977164152","61195958099683017752557694320560501319","164740465748603696628054194055557693252","173240706905291627675062426793424631335"],"threshold":0.9},"deprecated":false,"target":{"file":"system/stack/btm/btm_ble.cc"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-274478807-dbfae699","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7a960ac1c0cbc6d3949b6eaa7a86302a0b20c04f"}],"spl":"2023-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7a960ac1c0cbc6d3949b6eaa7a86302a0b20c04f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274478807.json"}}],"schema_version":"1.7.5"}