{"id":"ASB-A-224536184", "published":"2022-07-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20229", "A-224536184"], "details":"In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/01136338f6d739226e027716b6e5304df379fa4c"], "severity":"Critical", "spl":"2022-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"99527865329864812908024186541795315569", "length":562}, "id":"ASB-A-224536184-7abd703e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/01136338f6d739226e027716b6e5304df379fa4c", "target":{"file":"bta/hf_client/bta_hf_client_at.cc", "function":"bta_hf_client_handle_cind_list_item"}}, {"deprecated":false, "digest":{"line_hashes":["69202097141331435759913898533140182647", "339856804970668910245066217423079603924", "338909376581949431436926621779788310255"], "threshold":0.9}, "id":"ASB-A-224536184-8a7e33e5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/01136338f6d739226e027716b6e5304df379fa4c", "target":{"file":"bta/hf_client/bta_hf_client_at.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-07-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/ea2815973590018a6df5a3e88fa582eb4c8ff04e"], "severity":"Critical", "spl":"2022-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["69202097141331435759913898533140182647", "339856804970668910245066217423079603924", "338909376581949431436926621779788310255"], "threshold":0.9}, "id":"ASB-A-224536184-12123725", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ea2815973590018a6df5a3e88fa582eb4c8ff04e", "target":{"file":"bta/hf_client/bta_hf_client_at.cc"}}, {"deprecated":false, "digest":{"function_hash":"99527865329864812908024186541795315569", "length":562}, "id":"ASB-A-224536184-f17b3721", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ea2815973590018a6df5a3e88fa582eb4c8ff04e", "target":{"file":"bta/hf_client/bta_hf_client_at.cc", "function":"bta_hf_client_handle_cind_list_item"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-07-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/6d092ae08e8bcd7cacd50d52e1139b9d59239c87"], "severity":"Critical", "spl":"2022-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["69202097141331435759913898533140182647", "339856804970668910245066217423079603924", "338909376581949431436926621779788310255"], "threshold":0.9}, "id":"ASB-A-224536184-71dd4a58", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6d092ae08e8bcd7cacd50d52e1139b9d59239c87", "target":{"file":"bta/hf_client/bta_hf_client_at.cc"}}, {"deprecated":false, "digest":{"function_hash":"99527865329864812908024186541795315569", "length":562}, "id":"ASB-A-224536184-f2731194", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6d092ae08e8bcd7cacd50d52e1139b9d59239c87", "target":{"file":"bta/hf_client/bta_hf_client_at.cc", "function":"bta_hf_client_handle_cind_list_item"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/a0c22fb6770dd8c70f45bed9070d4fb2c83d5289"}]}