{"id":"ASB-A-146398979", "published":"2020-09-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2020-0380", "A-146398979"], "details":"In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-09-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"321234905431845260252678837018518904275", "length":2528}, "id":"ASB-A-146398979-1312805f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c", "function":"OI_CODEC_SBC_DecodeFrame"}}, {"deprecated":false, "digest":{"line_hashes":["299122073098996808654107516758968955565", "286252558384371725332049297140246791036", "28851737143717057705984729275717971822", "166728063500436628648921626767346014890", "213579653298428298585614861308521870936", "295351673693555017889999086667776480352", "114546012834183047704107748653278505547", "222828746183569043499428306079904321165"], "threshold":0.9}, "id":"ASB-A-146398979-8488f02c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-09-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["299122073098996808654107516758968955565", "286252558384371725332049297140246791036", "28851737143717057705984729275717971822", "166728063500436628648921626767346014890", "213579653298428298585614861308521870936", "295351673693555017889999086667776480352", "114546012834183047704107748653278505547", "222828746183569043499428306079904321165"], "threshold":0.9}, "id":"ASB-A-146398979-58d34f5f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c"}}, {"deprecated":false, "digest":{"function_hash":"321234905431845260252678837018518904275", "length":2528}, "id":"ASB-A-146398979-c8cb7457", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c", "function":"OI_CODEC_SBC_DecodeFrame"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["299122073098996808654107516758968955565", "286252558384371725332049297140246791036", "28851737143717057705984729275717971822", "166728063500436628648921626767346014890", "213579653298428298585614861308521870936", "295351673693555017889999086667776480352", "114546012834183047704107748653278505547", "222828746183569043499428306079904321165"], "threshold":0.9}, "id":"ASB-A-146398979-010c7a18", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c"}}, {"deprecated":false, "digest":{"function_hash":"321234905431845260252678837018518904275", "length":2528}, "id":"ASB-A-146398979-aed33ebd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c", "function":"OI_CODEC_SBC_DecodeFrame"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"321234905431845260252678837018518904275", "length":2528}, "id":"ASB-A-146398979-091a7817", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c", "function":"OI_CODEC_SBC_DecodeFrame"}}, {"deprecated":false, "digest":{"line_hashes":["299122073098996808654107516758968955565", "286252558384371725332049297140246791036", "28851737143717057705984729275717971822", "166728063500436628648921626767346014890", "213579653298428298585614861308521870936", "295351673693555017889999086667776480352", "114546012834183047704107748653278505547", "222828746183569043499428306079904321165"], "threshold":0.9}, "id":"ASB-A-146398979-81da0fd3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab", "target":{"file":"embdrv/sbc/decoder/srce/decoder-sbc.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/59c234a8fddda37147bb3fe1dd3b3a668828bcab"}]}