{"id":"PUB-A-255304665","details":"In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-255304665","CVE-2023-20972"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293"],"severity":"Moderate","spl":"2023-06-01","vanir_signatures":[{"digest":{"length":1219,"function_hash":"2477471006985661260117548069887641882"},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293","target":{"function":"btm_vendor_specific_evt","file":"system/stack/btm/btm_devctl.cc"},"id":"PUB-A-255304665-03c76933"},{"digest":{"line_hashes":["83648431535650780160867742783156024480","46779946339216737515961371751147359653","18752286288403103004267859853284941181","149891708636086322423770133438791907006","293022643982786686610171976003110304652","313659330538134013444504814429505597621","40631320006464154610674076700349714047","214548071856105607243922551709932897868","164643282726125086888752020115932010693","275338447504613898984924848348110629410","313750415713891991612973068648816949083","274338805120404352925719698537995244981","174948857539745247927746166797967794962","252807075125489656040283541018715645854","275254542209901769514623782719463807480","277899969821501159901327952485799037940"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293","target":{"file":"system/stack/btm/btm_devctl.cc"},"id":"PUB-A-255304665-5ecbf49f"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-255304665.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293"],"severity":"Moderate","spl":"2023-06-01","vanir_signatures":[{"digest":{"function_hash":"2477471006985661260117548069887641882","length":1219},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293","target":{"function":"btm_vendor_specific_evt","file":"system/stack/btm/btm_devctl.cc"},"id":"PUB-A-255304665-145932e4"},{"digest":{"line_hashes":["83648431535650780160867742783156024480","46779946339216737515961371751147359653","18752286288403103004267859853284941181","149891708636086322423770133438791907006","293022643982786686610171976003110304652","313659330538134013444504814429505597621","40631320006464154610674076700349714047","214548071856105607243922551709932897868","164643282726125086888752020115932010693","275338447504613898984924848348110629410","313750415713891991612973068648816949083","274338805120404352925719698537995244981","174948857539745247927746166797967794962","252807075125489656040283541018715645854","275254542209901769514623782719463807480","277899969821501159901327952485799037940"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9c12298ca6758558558642ee0bd0416b84b7b293","target":{"file":"system/stack/btm/btm_devctl.cc"},"id":"PUB-A-255304665-d3fadb2f"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-255304665.json"}}],"schema_version":"1.7.5"}