{"id":"ASB-A-228450451", "published":"2022-12-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2022-20468", "A-228450451"], "details":"In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"], "severity":"Moderate", "spl":"2022-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["19615635629939757925767189986436799647", "207990587364688167640515750653759914052", "274620203780754120125403676728619555520", "32405815071143783313761956769936829827"], "threshold":0.9}, "id":"ASB-A-228450451-38d4fb4b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc"}}, {"deprecated":false, "digest":{"function_hash":"251628678351054005449541836964376859324", "length":1562}, "id":"ASB-A-228450451-d362a3a4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc", "function":"BNEP_ConnectResp"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"], "severity":"Moderate", "spl":"2022-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["19615635629939757925767189986436799647", "207990587364688167640515750653759914052", "274620203780754120125403676728619555520", "32405815071143783313761956769936829827"], "threshold":0.9}, "id":"ASB-A-228450451-27e16e04", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc"}}, {"deprecated":false, "digest":{"function_hash":"251628678351054005449541836964376859324", "length":1562}, "id":"ASB-A-228450451-2bd73671", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc", "function":"BNEP_ConnectResp"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d"], "severity":"Moderate", "spl":"2022-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["19615635629939757925767189986436799647", "207990587364688167640515750653759914052", "274620203780754120125403676728619555520", "32405815071143783313761956769936829827"], "threshold":0.9}, "id":"ASB-A-228450451-4fcbe8a0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc"}}, {"deprecated":false, "digest":{"function_hash":"251628678351054005449541836964376859324", "length":1562}, "id":"ASB-A-228450451-4ffc2e49", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0fa54c7d8a2c061202e61d75b805661c1e89a76d", "target":{"file":"stack/bnep/bnep_api.cc", "function":"BNEP_ConnectResp"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"], "severity":"Moderate", "spl":"2022-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"134753087569954871622545896418553395064", "length":1538}, "id":"ASB-A-228450451-64dcb2f6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14", "target":{"file":"system/stack/bnep/bnep_api.cc", "function":"BNEP_ConnectResp"}}, {"deprecated":false, "digest":{"line_hashes":["19615635629939757925767189986436799647", "207990587364688167640515750653759914052", "274620203780754120125403676728619555520", "32405815071143783313761956769936829827"], "threshold":0.9}, "id":"ASB-A-228450451-8be034e1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14", "target":{"file":"system/stack/bnep/bnep_api.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/644f250acd25ef47950c39349eea6fbfbdd41c14"}]}