{"id":"ASB-A-162497143", "published":"2020-11-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2020-0449", "A-162497143"], "details":"In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11-next:0"}, {"fixed":"11-next:2020-11-01"}]}], "versions":["11-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["249772947756894727392887710939368535576", "248664681227693269870639686329578771093", "204938982121898345627514870929907191075", "195313446493060147881271030988516681257"], "threshold":0.9}, "id":"ASB-A-162497143-8d8eea24", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"336946547496498273731615258106979727699", "length":2854}, "id":"ASB-A-162497143-ef4ed2bd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-11-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["38693037265298699250803535887493619439", "315234496427818661395821925732807007606", "270885058720057633544048845857587599969", "256197269163269374029381615797948216232"], "threshold":0.9}, "id":"ASB-A-162497143-26d4447f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577", "target":{"file":"stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"284210671789151899952028304442543332172", "length":2761}, "id":"ASB-A-162497143-29dd4bd1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-11-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"284210671789151899952028304442543332172", "length":2761}, "id":"ASB-A-162497143-20799313", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}, {"deprecated":false, "digest":{"line_hashes":["38693037265298699250803535887493619439", "315234496427818661395821925732807007606", "270885058720057633544048845857587599969", "256197269163269374029381615797948216232"], "threshold":0.9}, "id":"ASB-A-162497143-4ee91ee5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/c6879c3fe5833b5198255126342185e45929c577", "target":{"file":"stack/btm/btm_sec.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-11-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["249772947756894727392887710939368535576", "248664681227693269870639686329578771093", "204938982121898345627514870929907191075", "195313446493060147881271030988516681257"], "threshold":0.9}, "id":"ASB-A-162497143-497c4306", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"336946547496498273731615258106979727699", "length":2854}, "id":"ASB-A-162497143-c3b5cba0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-11-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["249772947756894727392887710939368535576", "248664681227693269870639686329578771093", "204938982121898345627514870929907191075", "195313446493060147881271030988516681257"], "threshold":0.9}, "id":"ASB-A-162497143-a93d82b1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"336946547496498273731615258106979727699", "length":2854}, "id":"ASB-A-162497143-f2b68525", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2020-11-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b"], "severity":"Critical", "spl":"2020-11-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"336946547496498273731615258106979727699", "length":2854}, "id":"ASB-A-162497143-2cec00ea", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc", "function":"btm_sec_disconnected"}}, {"deprecated":false, "digest":{"line_hashes":["249772947756894727392887710939368535576", "248664681227693269870639686329578771093", "204938982121898345627514870929907191075", "195313446493060147881271030988516681257"], "threshold":0.9}, "id":"ASB-A-162497143-8b410412", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/7c86810c44ef2efd97c3e78bd77e36257a05f75b", "target":{"file":"stack/btm/btm_sec.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/46bdf4d4145ee022c48b71c30ba5fd45324f796a"}]}