{"id":"ASB-A-318374503", "published":"2024-03-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2024-23717", "A-318374503"], "details":"In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-03-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5"], "severity":"Critical", "spl":"2024-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"333735336583064087039902703448593069282", "length":232}, "id":"ASB-A-318374503-3ca3c81e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5", "target":{"file":"system/stack/btm/btm_sec.cc", "function":"access_secure_service_from_temp_bond"}}, {"deprecated":false, "digest":{"line_hashes":["73020516892836227850873902746339412076", "225516260501769301590541943710397904252", "105654584775185336510310529998476958019", "325063771327590450643352016418496974272"], "threshold":0.9}, "id":"ASB-A-318374503-c8a82fef", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9402b43e919b3706d33a4534e13468b95896b5c5", "target":{"file":"system/stack/btm/btm_sec.cc"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2024-03-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"], "severity":"Critical", "spl":"2024-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["231790709002883891973800308045898413132", "295905668830846017767970564492123207739", "295610151115085055824572039453931712567", "17400750266784036359344154410214078877", "227633893623229621582798433050040704196"], "threshold":0.9}, "id":"ASB-A-318374503-88fe4656", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc", "target":{"file":"system/stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"115920379014818069597213206974632673599", "length":212}, "id":"ASB-A-318374503-9eb84a84", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc", "target":{"file":"system/stack/btm/btm_sec.cc", "function":"access_secure_service_from_temp_bond"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2024-03-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc"], "severity":"Critical", "spl":"2024-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["231790709002883891973800308045898413132", "295905668830846017767970564492123207739", "295610151115085055824572039453931712567", "17400750266784036359344154410214078877", "227633893623229621582798433050040704196"], "threshold":0.9}, "id":"ASB-A-318374503-6f9c3a80", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc", "target":{"file":"system/stack/btm/btm_sec.cc"}}, {"deprecated":false, "digest":{"function_hash":"115920379014818069597213206974632673599", "length":212}, "id":"ASB-A-318374503-8054a4a2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62944f39f502b28687a5142ec2d77585525591bc", "target":{"file":"system/stack/btm/btm_sec.cc", "function":"access_secure_service_from_temp_bond"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2"}]}