{"id":"PUB-A-260568083","details":"In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-260568083","CVE-2023-20982"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"Moderate","spl":"2023-06-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc"],"vanir_signatures":[{"digest":{"line_hashes":["91120072370369716380662468663457112667","77937990068245879393772032804213536071","142581786962957731293880475873576375097","200206279142117472060591129939830419704","304489538477729054764584491970279696015","225248717060436010541024803209824718240"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-0a82bf20","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/test/mock/mock_stack_acl.h"}},{"digest":{"function_hash":"39187288829026860062883506468655333628","length":2106},"deprecated":false,"id":"PUB-A-260568083-0b485f0e","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_hdl_command_complete"}},{"digest":{"line_hashes":["76386474996276944385163994246957050639","36179256225666153528822166601729259268","336572677563697181726149773283537662324","93030908562272971049947591247036631963","246101567535068372341164781972363427991","45832400307608904940824158394310858607"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-35941271","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/test/mock/mock_stack_acl.cc"}},{"digest":{"line_hashes":["239779228496455769345821843630810310671","288939521428638511623241044379083843906","178536622760574816814660812904341779678","4569009688765277360812131822273449724","289213502808409074465843520373705198312","95949308781396210589302282023416154093","123872142083599226303038409137915708425","21369581572518947376539960550339099673"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-6b61ad90","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/stack/btu/btu_hcif.cc"}},{"digest":{"line_hashes":["316513638423377416554260539375016933022","292461599464892148440602104708798340378","209791031375700219343850248782084792329","181215925179627580178849465680489250955"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-774d94dd","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/stack/include/acl_hci_link_interface.h"}},{"digest":{"length":885,"function_hash":"311972640158743252108264279057693540931"},"deprecated":false,"id":"PUB-A-260568083-833c0b8e","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"function":"btm_read_tx_power_complete","file":"system/stack/acl/btm_acl.cc"}},{"digest":{"line_hashes":["172867093954647776158946197579493899519","240729915970230787589762695686495803689","77259156352196733667084202030760038120","231656241151367147324337439780055479640","244583451476393233776542801946500163549","43402332158041781494086019038426287569","61894179056215923795712736384442744862","55058235004090176245672469547280876294","323668999929901887422985873082177547503","330059997140656717635241641384332050922","168180346481135005923280107589610304442","225022284774947069501991909951928767108","289233425032350894526494923978077571166","233732557165032028009601998703812954024","298567874855384446465324033118563722298","318337894986029413887727702410244297238","46711727194567930028805879782966910552","139073922511987929229117775904002790924","60597122513202571174437564586978773904","39467869309276482644177773981423014848"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-b37d76f4","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e65885186e94bd295e8ed8ea783b5a49ffb3d5bc","target":{"file":"system/stack/acl/btm_acl.cc"}}],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260568083.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"line_hashes":["91120072370369716380662468663457112667","77937990068245879393772032804213536071","142581786962957731293880475873576375097","200206279142117472060591129939830419704","304489538477729054764584491970279696015","225248717060436010541024803209824718240"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-04b56122","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/test/mock/mock_stack_acl.h"}},{"digest":{"line_hashes":["239779228496455769345821843630810310671","288939521428638511623241044379083843906","178536622760574816814660812904341779678","4569009688765277360812131822273449724","289213502808409074465843520373705198312","95949308781396210589302282023416154093","123872142083599226303038409137915708425","21369581572518947376539960550339099673"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-21ba13a8","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/stack/btu/btu_hcif.cc"}},{"digest":{"function_hash":"311972640158743252108264279057693540931","length":885},"deprecated":false,"id":"PUB-A-260568083-27f4495d","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"function":"btm_read_tx_power_complete","file":"system/stack/acl/btm_acl.cc"}},{"digest":{"line_hashes":["76386474996276944385163994246957050639","36179256225666153528822166601729259268","336572677563697181726149773283537662324","93030908562272971049947591247036631963","246101567535068372341164781972363427991","45832400307608904940824158394310858607"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-44561b78","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/test/mock/mock_stack_acl.cc"}},{"digest":{"line_hashes":["172867093954647776158946197579493899519","240729915970230787589762695686495803689","77259156352196733667084202030760038120","231656241151367147324337439780055479640","244583451476393233776542801946500163549","43402332158041781494086019038426287569","61894179056215923795712736384442744862","55058235004090176245672469547280876294","323668999929901887422985873082177547503","330059997140656717635241641384332050922","168180346481135005923280107589610304442","225022284774947069501991909951928767108","289233425032350894526494923978077571166","233732557165032028009601998703812954024","298567874855384446465324033118563722298","318337894986029413887727702410244297238","46711727194567930028805879782966910552","139073922511987929229117775904002790924","60597122513202571174437564586978773904","39467869309276482644177773981423014848"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-99727b6f","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/stack/acl/btm_acl.cc"}},{"digest":{"function_hash":"235604982423465775564157247840940631481","length":1979},"deprecated":false,"id":"PUB-A-260568083-cbc51ea3","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_hdl_command_complete"}},{"digest":{"line_hashes":["316513638423377416554260539375016933022","292461599464892148440602104708798340378","209791031375700219343850248782084792329","42926567207869473656328618930071144016"],"threshold":0.9},"deprecated":false,"id":"PUB-A-260568083-fb7c6d93","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844","target":{"file":"system/stack/include/acl_hci_link_interface.h"}}],"spl":"2023-06-01","types":["ID"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/606824af399ec98f4cc285fbddb69cc99a712844"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260568083.json"}}],"schema_version":"1.7.5"}