{"id":"ASB-A-375408314", "published":"2025-03-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2025-0074", "A-375408314"], "details":"In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-03-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e"], "severity":"Critical", "spl":"2025-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["185486579480985713112082667811722275236", "17057568583745171272579259696309426503", "80774933675077869032302284458860655476", "115680520510039957212659840251882548952", "149272764073703809669421546090731542086", "132375438198367819111153161607144242575", "186177419848916491106430461256472221809", "250022138064522366207171179373555795389"], "threshold":0.9}, "id":"ASB-A-375408314-44e33881", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e", "target":{"file":"system/stack/sdp/sdp_discovery.cc"}}, {"deprecated":false, "digest":{"function_hash":"140146735426474515366070883419062745255", "length":1497}, "id":"ASB-A-375408314-47499204", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e", "target":{"file":"system/stack/sdp/sdp_discovery.cc", "function":"sdp_snd_service_search_req"}}, {"deprecated":false, "digest":{"function_hash":"308941742199032283269529400827602332500", "length":3689}, "id":"ASB-A-375408314-8c0a16e4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7f74d44cebf1cad4b3d7aa9b05236a41cb221e9e", "target":{"file":"system/stack/sdp/sdp_discovery.cc", "function":"process_service_search_attr_rsp"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-03-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8"], "severity":"Critical", "spl":"2025-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"165027032574402723718083216113014457432", "length":1358}, "id":"ASB-A-375408314-0c8b0075", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8", "target":{"file":"system/stack/sdp/sdp_discovery.cc", "function":"sdp_snd_service_search_req"}}, {"deprecated":false, "digest":{"line_hashes":["12190546748810153671323829287973396926", "250063306120409055104865957682659589968", "14738994624663035747041608733386582070", "23271983830575734844306478053192221507", "72564316092330557065769555111629989985", "167288907091122585214705296993377740906", "320217447774151956406964022062422034648", "307622193380667158305078197192178528596"], "threshold":0.9}, "id":"ASB-A-375408314-839ef8ed", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8", "target":{"file":"system/stack/sdp/sdp_discovery.cc"}}, {"deprecated":false, "digest":{"function_hash":"48886429007938031076324531841910728667", "length":3316}, "id":"ASB-A-375408314-ea7c07d0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/bb2f54f9ed938267c2830da4a9d984529274d8a8", "target":{"file":"system/stack/sdp/sdp_discovery.cc", "function":"process_service_search_attr_rsp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/37bcf769c1aa8dfa8e5524858d47f6a80b765fa4"}]}