{"id":"PUB-A-260230274","details":"In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-260230274","CVE-2023-20980"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bf4f2526b690794d9bc8e8b5823c39d3785cdb9c"],"spl":"2023-06-01","vanir_signatures":[{"signature_type":"Line","id":"PUB-A-260230274-06d15a3f","signature_version":"v1","digest":{"line_hashes":["223665430949230032539209174191649621193","137574529777343100153065203618979368364","138814094814115131521139901648060419831","193322601014283273961668279302861220443","63683800228113025859221491534636832412","159874854170206658240065068090349795748","5293164314322512069819562513273436824"],"threshold":0.9},"target":{"file":"system/stack/btu/btu_hcif.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bf4f2526b690794d9bc8e8b5823c39d3785cdb9c"},{"signature_type":"Function","signature_version":"v1","id":"PUB-A-260230274-dbaa03dc","digest":{"function_hash":"145760792841934854656496123432821406951","length":321},"target":{"function":"btu_ble_ll_conn_param_upd_evt","file":"system/stack/btu/btu_hcif.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bf4f2526b690794d9bc8e8b5823c39d3785cdb9c"}],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260230274.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0450562b48d318d0775f9bb1faf0e71d04224f19"],"spl":"2023-06-01","vanir_signatures":[{"signature_type":"Line","id":"PUB-A-260230274-407d20b3","signature_version":"v1","digest":{"line_hashes":["223665430949230032539209174191649621193","137574529777343100153065203618979368364","138814094814115131521139901648060419831","193322601014283273961668279302861220443","63683800228113025859221491534636832412","159874854170206658240065068090349795748","5293164314322512069819562513273436824"],"threshold":0.9},"target":{"file":"system/stack/btu/btu_hcif.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0450562b48d318d0775f9bb1faf0e71d04224f19"},{"signature_type":"Function","id":"PUB-A-260230274-e7606fed","signature_version":"v1","digest":{"function_hash":"145760792841934854656496123432821406951","length":321},"target":{"function":"btu_ble_ll_conn_param_upd_evt","file":"system/stack/btu/btu_hcif.cc"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0450562b48d318d0775f9bb1faf0e71d04224f19"}],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260230274.json"}}],"schema_version":"1.7.5"}