{"id":"PUB-A-260568245","details":"In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-260568245","CVE-2023-20973"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"system/test/mock/mock_stack_btm_sec.cc"},"signature_version":"v1","id":"PUB-A-260568245-2bef92fd","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["243810112839180409435536355694423571750","299477295124079003834922366589101402116","339253293684361323314945020031679424632","54769990116822821649320993360989620174"]}},{"target":{"function":"btm_create_conn_cancel_complete","file":"system/stack/btm/btm_sec.cc"},"digest":{"function_hash":"106454785807906912090733509797690038970","length":874},"signature_type":"Function","id":"PUB-A-260568245-35d974d9","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1"},{"target":{"file":"system/stack/btm/btm_sec.h"},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1","signature_type":"Line","id":"PUB-A-260568245-3c158b68","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["126433689896836701219873939732705828142","256479069655869836042509465085661530171","310573522880277217729692544786171514031","159482563108846739062825189817177703150"]}},{"target":{"file":"system/stack/include/sec_hci_link_interface.h"},"signature_version":"v1","id":"PUB-A-260568245-93398361","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["168076959922953635491048177836613499317","177925020078317190151119010659761170747","261998629566884442232723766392663832515","73142110452835336792606638363977633765"]}},{"target":{"file":"system/stack/btu/btu_hcif.cc"},"digest":{"threshold":0.9,"line_hashes":["203227775105952582663999295386510304721","28554358831473830551561127673212847872","245708939831301847045955566643293648516","163741528422316185972359435657757944184"]},"signature_type":"Line","id":"PUB-A-260568245-b9b52456","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1"},{"target":{"function":"btu_hcif_hdl_command_complete","file":"system/stack/btu/btu_hcif.cc"},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1","signature_type":"Function","id":"PUB-A-260568245-db9d8307","deprecated":false,"digest":{"function_hash":"231077236101929660369564077957019062208","length":2146}},{"target":{"file":"system/stack/btm/btm_sec.cc"},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1","signature_type":"Line","id":"PUB-A-260568245-e9336316","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["49104961985698033766274605397557173818","99371367906560930911575963695038048576","224816853246989930754069618456001755931","192753990597435299819657294873319913424","61134942078643564912732089505676903749"]}}],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5d323752b7600fcb6c5126f8f1d6ce69b86430c1"],"severity":"Moderate","types":["ID"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260568245.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"],"vanir_signatures":[{"target":{"file":"system/stack/btm/btm_sec.h"},"signature_version":"v1","id":"PUB-A-260568245-0421fe5d","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["126433689896836701219873939732705828142","256479069655869836042509465085661530171","310573522880277217729692544786171514031","159482563108846739062825189817177703150"],"threshold":0.9}},{"target":{"file":"system/stack/btu/btu_hcif.cc"},"signature_version":"v1","signature_type":"Line","id":"PUB-A-260568245-0657b5e8","digest":{"threshold":0.9,"line_hashes":["4569009688765277360812131822273449724","28554358831473830551561127673212847872","245708939831301847045955566643293648516","158498375014697082575363767697377430124"]},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"},{"target":{"function":"btu_hcif_hdl_command_complete","file":"system/stack/btu/btu_hcif.cc"},"digest":{"function_hash":"235604982423465775564157247840940631481","length":1979},"signature_type":"Function","id":"PUB-A-260568245-1fcc205b","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"},{"target":{"file":"system/stack/include/sec_hci_link_interface.h"},"digest":{"threshold":0.9,"line_hashes":["168076959922953635491048177836613499317","177925020078317190151119010659761170747","261998629566884442232723766392663832515","73142110452835336792606638363977633765"]},"signature_type":"Line","id":"PUB-A-260568245-5776ba22","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"},{"target":{"function":"btm_create_conn_cancel_complete","file":"system/stack/btm/btm_sec.cc"},"signature_version":"v1","signature_type":"Function","id":"PUB-A-260568245-6d261a5a","digest":{"function_hash":"106454785807906912090733509797690038970","length":874},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"},{"target":{"file":"system/stack/btm/btm_sec.cc"},"signature_version":"v1","signature_type":"Line","id":"PUB-A-260568245-7b34a4e0","digest":{"line_hashes":["49104961985698033766274605397557173818","99371367906560930911575963695038048576","224816853246989930754069618456001755931","192753990597435299819657294873319913424","61134942078643564912732089505676903749"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"},{"target":{"file":"system/test/mock/mock_stack_btm_sec.cc"},"digest":{"threshold":0.9,"line_hashes":["243810112839180409435536355694423571750","299477295124079003834922366589101402116","339253293684361323314945020031679424632","54769990116822821649320993360989620174"]},"signature_type":"Line","id":"PUB-A-260568245-9510fd95","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/adf06fb67b0714c6349f4e61d258642bbd7ad74a"}],"types":["ID"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260568245.json"}}],"schema_version":"1.7.5"}