{"id":"ASB-A-228078096", "published":"2022-07-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20222", "A-228078096"], "details":"In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-07-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301"], "severity":"Critical", "spl":"2022-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"237028429680686170678538706192668025085", "length":2001}, "id":"ASB-A-228078096-c64731be", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301", "target":{"file":"stack/gatt/gatt_db.cc", "function":"read_attr_value"}}, {"deprecated":false, "digest":{"line_hashes":["271746948007969399780649439146152314031", "299042952866365987543762007777832047713", "318243900175279289348924400889235391181", "289412709252196214277184826095030737563", "17781346145243886110576082688024869423", "56659749081856240233204289263814143202", "88485116540816326733942640167814252172"], "threshold":0.9}, "id":"ASB-A-228078096-d2bc01b5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301", "target":{"file":"stack/gatt/gatt_db.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-07-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301"], "severity":"Critical", "spl":"2022-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"237028429680686170678538706192668025085", "length":2001}, "id":"ASB-A-228078096-40d78136", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301", "target":{"file":"stack/gatt/gatt_db.cc", "function":"read_attr_value"}}, {"deprecated":false, "digest":{"line_hashes":["271746948007969399780649439146152314031", "299042952866365987543762007777832047713", "318243900175279289348924400889235391181", "289412709252196214277184826095030737563", "17781346145243886110576082688024869423", "56659749081856240233204289263814143202", "88485116540816326733942640167814252172"], "threshold":0.9}, "id":"ASB-A-228078096-478465d2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/6c01b49e627cd1dd29fe656d9cd5eb01205c8301", "target":{"file":"stack/gatt/gatt_db.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/a47b8c7e985fb5aa253c5b1367a631c9c028b4aa"}]}