{"id":"PUB-A-256165737","details":"In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-256165737","CVE-2023-20981"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/72c35a1cde78249c1749300cf208298f745d225a"],"spl":"2023-06-01","vanir_signatures":[{"signature_version":"v1","id":"PUB-A-256165737-39ad2d40","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/72c35a1cde78249c1749300cf208298f745d225a","digest":{"function_hash":"336582734661748564958037119141585034711","length":4792},"signature_type":"Function","deprecated":false,"target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_process_event"}},{"signature_version":"v1","id":"PUB-A-256165737-b093188c","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["122445623140582117476716815864619406966","270237901051771015591452979276819797519","301973965513952811863754946145588730064","18063600987660727020396096173085053061","79157904431448262747082275857495241374","35387678221282559177479552950988699557","329015732910744385759688024268818136589","45449181739673993241176699503569153431","181624077784582716377852058212826525708","213992691007000150893341665815023272341","65194841672755231150424500980152141629","211238691417689538152163424776491854796","262108294216214657050525185873324354416","267083727085991318796826883174902489202"]},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/72c35a1cde78249c1749300cf208298f745d225a","signature_type":"Line","target":{"file":"system/stack/btu/btu_hcif.cc"}},{"signature_version":"v1","id":"PUB-A-256165737-b8b92809","signature_type":"Function","digest":{"function_hash":"176204503959658893950115173833424090215","length":263},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/72c35a1cde78249c1749300cf208298f745d225a","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_ble_rc_param_req_evt"}}],"severity":"Moderate","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-256165737.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5bdefb74e944c86b8665b6627b85818641bac92f"],"severity":"Moderate","vanir_signatures":[{"signature_version":"v1","id":"PUB-A-256165737-679b28ff","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["122445623140582117476716815864619406966","270237901051771015591452979276819797519","301973965513952811863754946145588730064","18063600987660727020396096173085053061","79157904431448262747082275857495241374","35387678221282559177479552950988699557","329015732910744385759688024268818136589","45449181739673993241176699503569153431","181624077784582716377852058212826525708","213992691007000150893341665815023272341","65194841672755231150424500980152141629","211238691417689538152163424776491854796","262108294216214657050525185873324354416","267083727085991318796826883174902489202"]},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5bdefb74e944c86b8665b6627b85818641bac92f","target":{"file":"system/stack/btu/btu_hcif.cc"}},{"signature_version":"v1","id":"PUB-A-256165737-7715a119","deprecated":false,"digest":{"function_hash":"232227972830537180929657144775355121285","length":4846},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5bdefb74e944c86b8665b6627b85818641bac92f","signature_type":"Function","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_process_event"}},{"signature_version":"v1","id":"PUB-A-256165737-a596a194","deprecated":false,"digest":{"function_hash":"176204503959658893950115173833424090215","length":263},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5bdefb74e944c86b8665b6627b85818641bac92f","signature_type":"Function","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_ble_rc_param_req_evt"}}],"spl":"2023-06-01","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-256165737.json"}}],"schema_version":"1.7.5"}