{"id":"PUB-A-260569414","details":"In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-260569414","CVE-2023-20987"],"modified":"2026-04-13T15:04:09.269232Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-06-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d"],"severity":"Moderate","vanir_signatures":[{"digest":{"function_hash":"257010832042188423388289082366036976127","length":2098},"signature_type":"Function","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_hdl_command_complete"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-1c182f8a"},{"digest":{"line_hashes":["52116404827614007151071091054273483575","122972298153767091530435878762563077667","183408494215482797936438753177613973126","32534141852560561561850178185345777794","289391957737813965130583170121220501047"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/test/mock/mock_stack_acl.h"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-4d4f56ef"},{"digest":{"line_hashes":["55182960640022639623395153225950417955","46099568425112779672466094050365893886","112197470410354489338308378631297990969","215543892229333305585700143401042194912"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/include/acl_hci_link_interface.h"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-73283b3a"},{"digest":{"line_hashes":["197432015785403291847734253690045575494","323152554376691415748760968604280470357","292216493079576454879557204924062080927","58496750829651245331455553975651463451","136160097665787967212055253602751722109","143940094458384570757417831579366600257","139919327322787380434238767749485507847","315534102493692615796251486261400506505","185291788149507247207224578901852571063","123376658773146610982678383797843484827","65279960081443146915166989295711790647","120511234688123102451865881422683364256","46711727194567930028805879782966910552","139073922511987929229117775904002790924","263341014086865056344073849104983122739","29077767848653852789548673691114032625"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/acl/btm_acl.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-9b6ca41a"},{"digest":{"function_hash":"302795191495329341646750928303156994215","length":774},"signature_type":"Function","target":{"file":"system/stack/acl/btm_acl.cc","function":"btm_read_link_quality_complete"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-ad07f9b0"},{"digest":{"line_hashes":["67623452993050920459062686127892814440","158941216599183211904720826236231977225","272100409675608664361666758493877008226","107026769148702083207167741945240330927"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/btu/btu_hcif.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-cbc9d9ec"},{"digest":{"line_hashes":["168468718710308343939600118711604089041","141214466061481631426945562988365872240","153768791542116689872044486823226593398","52662068341782220093324479474909256787","34833108719324824323299618687064594604","147382389546521545526045556728452663205"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/test/mock/mock_stack_acl.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8ed958ed40fa84fd0e2f4c2ad6c49dad6e994d2d","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-e4570623"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260569414.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-06-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839"],"severity":"Moderate","vanir_signatures":[{"digest":{"line_hashes":["197432015785403291847734253690045575494","323152554376691415748760968604280470357","292216493079576454879557204924062080927","58496750829651245331455553975651463451","136160097665787967212055253602751722109","143940094458384570757417831579366600257","139919327322787380434238767749485507847","315534102493692615796251486261400506505","185291788149507247207224578901852571063","123376658773146610982678383797843484827","65279960081443146915166989295711790647","120511234688123102451865881422683364256","46711727194567930028805879782966910552","139073922511987929229117775904002790924","263341014086865056344073849104983122739","29077767848653852789548673691114032625"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/acl/btm_acl.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-0c673ddb"},{"digest":{"line_hashes":["67623452993050920459062686127892814440","158941216599183211904720826236231977225","272100409675608664361666758493877008226","107026769148702083207167741945240330927"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/btu/btu_hcif.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-10a77e22"},{"digest":{"line_hashes":["52116404827614007151071091054273483575","122972298153767091530435878762563077667","183408494215482797936438753177613973126","32534141852560561561850178185345777794","289391957737813965130583170121220501047"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/test/mock/mock_stack_acl.h"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-1945d0f0"},{"digest":{"function_hash":"235604982423465775564157247840940631481","length":1979},"signature_type":"Function","target":{"file":"system/stack/btu/btu_hcif.cc","function":"btu_hcif_hdl_command_complete"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-21d53239"},{"digest":{"function_hash":"302795191495329341646750928303156994215","length":774},"signature_type":"Function","target":{"file":"system/stack/acl/btm_acl.cc","function":"btm_read_link_quality_complete"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-288e47cc"},{"digest":{"line_hashes":["55182960640022639623395153225950417955","46099568425112779672466094050365893886","112197470410354489338308378631297990969","215543892229333305585700143401042194912"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/include/acl_hci_link_interface.h"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-5bd57951"},{"digest":{"line_hashes":["168468718710308343939600118711604089041","141214466061481631426945562988365872240","153768791542116689872044486823226593398","52662068341782220093324479474909256787","34833108719324824323299618687064594604","147382389546521545526045556728452663205"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/test/mock/mock_stack_acl.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b2c6806c9458b6e599d29fd327584ce0afd83839","deprecated":false,"signature_version":"v1","id":"PUB-A-260569414-9cf09674"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-260569414.json"}}],"schema_version":"1.7.5"}