{"id":"ASB-A-318374503","details":"In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-318374503","CVE-2024-23717"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2024-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-03-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5"],"types":["EoP"],"severity":"Critical","vanir_signatures":[{"signature_type":"Function","id":"ASB-A-318374503-3ca3c81e","signature_version":"v1","digest":{"length":232,"function_hash":"333735336583064087039902703448593069282"},"target":{"function":"access_secure_service_from_temp_bond","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5","deprecated":false},{"signature_type":"Line","id":"ASB-A-318374503-c8a82fef","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["73020516892836227850873902746339412076","225516260501769301590541943710397904252","105654584775185336510310529998476958019","325063771327590450643352016418496974272"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318374503.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-03-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"],"types":["EoP"],"severity":"Critical","vanir_signatures":[{"signature_type":"Line","id":"ASB-A-318374503-88fe4656","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc","digest":{"threshold":0.9,"line_hashes":["231790709002883891973800308045898413132","295905668830846017767970564492123207739","295610151115085055824572039453931712567","17400750266784036359344154410214078877","227633893623229621582798433050040704196"]},"signature_version":"v1","target":{"file":"system/stack/btm/btm_sec.cc"},"deprecated":false},{"signature_type":"Function","id":"ASB-A-318374503-9eb84a84","signature_version":"v1","digest":{"length":212,"function_hash":"115920379014818069597213206974632673599"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc","target":{"function":"access_secure_service_from_temp_bond","file":"system/stack/btm/btm_sec.cc"},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318374503.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-03-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"],"types":["EoP"],"severity":"Critical","vanir_signatures":[{"signature_type":"Line","id":"ASB-A-318374503-6f9c3a80","target":{"file":"system/stack/btm/btm_sec.cc"},"digest":{"threshold":0.9,"line_hashes":["231790709002883891973800308045898413132","295905668830846017767970564492123207739","295610151115085055824572039453931712567","17400750266784036359344154410214078877","227633893623229621582798433050040704196"]},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc","signature_version":"v1","deprecated":false},{"signature_type":"Function","id":"ASB-A-318374503-8054a4a2","signature_version":"v1","digest":{"length":212,"function_hash":"115920379014818069597213206974632673599"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc","target":{"function":"access_secure_service_from_temp_bond","file":"system/stack/btm/btm_sec.cc"},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318374503.json"}}],"schema_version":"1.7.5"}