{"id":"ASB-A-206128341", "published":"2022-03-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2021-39708", "A-206128341"], "details":"In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5"], "severity":"Critical", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241537502085801979227847084960204315338", "277151541307175054926658701605526972917", "257953875711511003209061833450533096279", "46448234821378032377327957180540795275"], "threshold":0.9}, "id":"ASB-A-206128341-0342fa86", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5", "target":{"file":"stack/gatt/gatt_cl.cc"}}, {"deprecated":false, "digest":{"function_hash":"71700587856236157416993353711427742154", "length":2690}, "id":"ASB-A-206128341-aa3578e5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/97e84ea15a31d8df49003b19ac3ef5cd52ea95f5", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_notification"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4"], "severity":"Critical", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"71700587856236157416993353711427742154", "length":2690}, "id":"ASB-A-206128341-10224f0c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_notification"}}, {"deprecated":false, "digest":{"line_hashes":["241537502085801979227847084960204315338", "277151541307175054926658701605526972917", "257953875711511003209061833450533096279", "46448234821378032377327957180540795275"], "threshold":0.9}, "id":"ASB-A-206128341-645bde93", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/61661c7b4da0fe580c6dd0dabd902bbdf8f81ad4", "target":{"file":"stack/gatt/gatt_cl.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-03-01"}]}