{"id":"ASB-A-205571133", "published":"2022-07-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20221", "A-205571133"], "details":"In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"305541395741595188649213172767164191469", "length":1145}, "id":"ASB-A-205571133-13a14f9d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071"], "threshold":0.9}, "id":"ASB-A-205571133-f06cccd7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-07-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"305541395741595188649213172767164191469", "length":1145}, "id":"ASB-A-205571133-26e4438e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071"], "threshold":0.9}, "id":"ASB-A-205571133-aba04606", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-07-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071"], "threshold":0.9}, "id":"ASB-A-205571133-43122021", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"305541395741595188649213172767164191469", "length":1145}, "id":"ASB-A-205571133-d3718ba1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-07-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["106952868721422034315462922253755098583", "28300491369943993044912096071713369607", "76663596602709785475083046558638226071"], "threshold":0.9}, "id":"ASB-A-205571133-a4a5d5b8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"305541395741595188649213172767164191469", "length":1145}, "id":"ASB-A-205571133-ccad02db", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/003e42896493afb7a0cd7406720987725d4e9da3", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/9e39fc68e82739dbd9f7403de244959ac7d54d2d"}]}