{"id":"ASB-A-254774758", "published":"2023-04-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21096", "A-254774758"], "details":"In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bdcf174f20a7fe2ecf9e35758d76d9db4b480090"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"67997498366820575910589749269650826408", "length":3581}, "id":"ASB-A-254774758-56075af3", "match_only_versions":["13-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc", "function":"AttributionProcessor::OnWakelockReleased"}}, {"deprecated":false, "digest":{"line_hashes":["12900549581914168485293397155119351593", "188741019249326939814519404937643072082", "318789242921263057414067221518528705292", "304414865865909056343987389498040960484"], "threshold":0.9}, "id":"ASB-A-254774758-5e0df390", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676", "target":{"file":"system/gd/btaa/attribution_processor.h"}}, {"deprecated":false, "digest":{"function_hash":"299293289398272049689342512514058281279", "length":3409}, "id":"ASB-A-254774758-cbb937f6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc", "function":"AttributionProcessor::OnWakelockReleased"}}, {"deprecated":false, "digest":{"line_hashes":["143941530185700875452918972360490076901", "117866796008345477441414371737867758179", "116807814216425906070591271558139157130", "169809359126774245513351681617172054098"], "threshold":0.9}, "id":"ASB-A-254774758-ee6737e0", "match_only_versions":["13-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8813b3b7a2f596e42db1844983025d2d10193676", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc"}}, {"deprecated":false, "digest":{"line_hashes":["18060905755506602008223646092062842807", "145480387711426464881095117105460401534", "63887230964152114113574021921283583566", "205030628601755833546320678999063250221", "144990182868268974103067371802256403907", "17377848101485330564086492917232461262", "140155046571125345422158689650378340741", "271980606894935024015424335626156461340", "53233114695008526344817102835550892994", "275938546527731765269410863473714144466", "171026771153299635694362358732147003952", "102309086400846651721388724520953645395", "233971134084911506611752761727870548569", "125921412701228748292635841890358152991", "144990182868268974103067371802256403907", "108845131693991720011745577360710325132", "208011038678721690757401280612294897421", "204078919627188455613377777632337566914", "73999548915854691353842325909389891616"], "threshold":0.9}, "id":"ASB-A-254774758-eef003ea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/2ffa65df8a71a129d28cccb09459168bb9bb2a96", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/be2a15703f7285d0dec4afaa8395e3a9a897d352", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fb9a519eed94776a488c5dcf0fa91d620bfc9e88", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["12900549581914168485293397155119351593", "188741019249326939814519404937643072082", "318789242921263057414067221518528705292", "304414865865909056343987389498040960484"], "threshold":0.9}, "id":"ASB-A-254774758-26690c9a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/fb9a519eed94776a488c5dcf0fa91d620bfc9e88", "target":{"file":"system/gd/btaa/attribution_processor.h"}}, {"deprecated":false, "digest":{"line_hashes":["18060905755506602008223646092062842807", "145480387711426464881095117105460401534", "63887230964152114113574021921283583566", "205030628601755833546320678999063250221", "144990182868268974103067371802256403907", "17377848101485330564086492917232461262", "140155046571125345422158689650378340741", "271980606894935024015424335626156461340", "53233114695008526344817102835550892994", "275938546527731765269410863473714144466", "171026771153299635694362358732147003952", "102309086400846651721388724520953645395", "233971134084911506611752761727870548569", "125921412701228748292635841890358152991", "144990182868268974103067371802256403907", "108845131693991720011745577360710325132", "208011038678721690757401280612294897421", "204078919627188455613377777632337566914", "73999548915854691353842325909389891616"], "threshold":0.9}, "id":"ASB-A-254774758-49e29e85", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc"}}, {"deprecated":false, "digest":{"function_hash":"299293289398272049689342512514058281279", "length":3409}, "id":"ASB-A-254774758-83498449", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/15fbebc88e86763c61f606592085f95a26c00b42", "target":{"file":"system/gd/btaa/linux_generic/attribution_processor.cc", "function":"AttributionProcessor::OnWakelockReleased"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9406531d2140299c85bcff60c7d684b9d46acbe4"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e035d58ca53aa16cdea0914319ebd415fdf02a4e"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a621fd06157441d995c30d96a31e7883a808d6ab"}]}