{"id":"ASB-A-275057847","details":"In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-275057847","CVE-2023-45773"],"modified":"2026-04-17T15:55:28.020024Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7b30443dac7bb9138275c909549110191bcbcae9"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2023-12-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"],"vanir_signatures":[{"id":"ASB-A-275057847-202324b2","digest":{"length":949,"function_hash":"246882659036614777100561683410077148485"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncSetInfo"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-5669f9e2","digest":{"length":966,"function_hash":"97755488648926379772386719676982052545"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncTransfer"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-6678219f","digest":{"length":631,"function_hash":"126904548340751815989801536040087105665"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_timeout"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-9a9f5c36","digest":{"length":680,"function_hash":"130921702505814118263895064456259885378"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_request"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-9b85f3c0","digest":{"threshold":0.9,"line_hashes":["43864245619447460749875237851787664551","167548532180185462033831461179691632619","33575135035212560886115356346310377998","226756959700525368721015644821424642847","15368537722831841663178536074201952112","67674782737042082763137047287714577766","226622384061478884546808137033764846404","12088250185168833025521856155059416891","152668483481076418644668288044788974127","214232302117138856613462659433579297534","140344414876104536602397486092947308877","217766433110994427985590687834173348340","263151270257031066669012561786751224421","248130766202438940892703797255664643667","32053527644928171251614505547020290214","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502"]},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc"},"signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-eb0cb207","digest":{"length":570,"function_hash":"78668012657219645030498776305440712796"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BleStartPeriodicSync"},"signature_type":"Function","deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275057847.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-12-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"],"vanir_signatures":[{"id":"ASB-A-275057847-30ae00e4","digest":{"length":680,"function_hash":"130921702505814118263895064456259885378"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_request"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-3e2df005","digest":{"threshold":0.9,"line_hashes":["43864245619447460749875237851787664551","167548532180185462033831461179691632619","33575135035212560886115356346310377998","226756959700525368721015644821424642847","15368537722831841663178536074201952112","67674782737042082763137047287714577766","226622384061478884546808137033764846404","12088250185168833025521856155059416891","152668483481076418644668288044788974127","214232302117138856613462659433579297534","140344414876104536602397486092947308877","217766433110994427985590687834173348340","263151270257031066669012561786751224421","248130766202438940892703797255664643667","32053527644928171251614505547020290214","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502"]},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc"},"signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-48c0e647","digest":{"length":631,"function_hash":"126904548340751815989801536040087105665"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_timeout"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-5e9fba60","digest":{"length":966,"function_hash":"97755488648926379772386719676982052545"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncTransfer"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-6b7bdffc","digest":{"length":949,"function_hash":"246882659036614777100561683410077148485"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncSetInfo"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-f446e077","digest":{"length":570,"function_hash":"78668012657219645030498776305440712796"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BleStartPeriodicSync"},"signature_type":"Function","deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275057847.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2023-12-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf"],"vanir_signatures":[{"id":"ASB-A-275057847-6bab0964","digest":{"threshold":0.9,"line_hashes":["43864245619447460749875237851787664551","167548532180185462033831461179691632619","33575135035212560886115356346310377998","226756959700525368721015644821424642847","15368537722831841663178536074201952112","67674782737042082763137047287714577766","226622384061478884546808137033764846404","12088250185168833025521856155059416891","152668483481076418644668288044788974127","214232302117138856613462659433579297534","140344414876104536602397486092947308877","217766433110994427985590687834173348340","263151270257031066669012561786751224421","248130766202438940892703797255664643667","32053527644928171251614505547020290214","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502","101572736127874747516684315745846603189","296379762876518701606384767804258646863","151263010402120895611752760767850715445","53791275150963334587617480176223235502"]},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc"},"signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-6f9f6574","digest":{"length":966,"function_hash":"97755488648926379772386719676982052545"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncTransfer"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-9dc83e9b","digest":{"length":631,"function_hash":"126904548340751815989801536040087105665"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_timeout"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-a8e18eb7","digest":{"length":680,"function_hash":"130921702505814118263895064456259885378"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"btm_ble_start_sync_request"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-d1a7d960","digest":{"length":949,"function_hash":"246882659036614777100561683410077148485"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BlePeriodicSyncSetInfo"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-275057847-d365650c","digest":{"length":570,"function_hash":"78668012657219645030498776305440712796"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/3bb913ee8c7da4602798db754045c0fac57afecf","target":{"file":"system/stack/btm/btm_ble_gap.cc","function":"BTM_BleStartPeriodicSync"},"signature_type":"Function","deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275057847.json"}}],"schema_version":"1.7.5"}