{"id":"ASB-A-294854926","details":"In multiple locations, there is a possible way to inject keystrokes due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-294854926","CVE-2023-45866"],"modified":"2026-03-11T06:31:13.783766Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a7d9aaceea0f7d6cb4ae3da5aa66efb0bc7db8"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4e439c22354f0aa868a982bc88bcc9de3bc37f7"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a99edb35d6c044dbd607a74b88102bf2f36d5ef5"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9194524a92e0f5859caeab1ff487d21d9b513d0b"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5673b3c6bbe8c6c9edb8afb5e9499dc3a41d3943"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-05"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"43061959119376664686213669205630250217","length":3687},"target":{"function":"btm_sec_mx_access_request","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","id":"ASB-A-294854926-059d157c","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"215695592036135719644977304772359023020","length":4651},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","id":"ASB-A-294854926-090125e9","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["327726614591132955930433172871099717903","197930606696217597035208074150621772822","166794929128900300915561907345180701273","164199376099043487722114674449096514495","23620032038652460826050081495759217785","297213598390837072291132050047395006129","327221696050590702682098809278413926844","258687265015304540196780716216700072890","320361581108495589074678686765361193246","336571227219424925835724995270954847657","115427643381435667709037331751617952024","29553329085620064767598501518369690775","170522308103141478552028082718541408689"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-491808bc","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"7543547725549122498057745148487987420","length":3064},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","id":"ASB-A-294854926-6cefc009","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"227716039357205455596514507040959899397","length":3218},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9","id":"ASB-A-294854926-83be7474","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["88710778939939341708182668696184595067","316442034712659710033328952761665050987","239601478006897628917834495740462975633","185290641695190860213052543011444003626","66368683702105953488782220688795689462","22481806171367450194091711553814426049","59072545174229000742900569033826009446","77121349886279935010345127709434548406","211573699949862158210065507873481000101","50501308920270220513354876286744260575","154287669510427265633008105313165446521","40497840818941502570794969669981540994","12609281695717453417979954011582625658","191022934420395666287276243622152618880","121179739499933830404999192882733450321","114462787912678077604416508882015537397","79753896944960809786040229503677631995","324387921172300633552126393370693173158","117323551458770150904581659960166190040","263174241450555514913995875450648538592","14865090226669659818693850022332333744","176675532814169278854780150411146545439","337388328990730320040764338873050589091","306411892969702854172529488471529543967","19788115616581493742615304364948347714"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","id":"ASB-A-294854926-8dc4be8a","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["72640883571315974401250223963091742820","10831332715061995584754754210053003576","247678602532410717537523742923505432100","125686806664114597449707522274858443984","149702862141601733625195210600101596283","5541387743230517824350027217286894796","326246543653298477335977389305504641561","218663247680270114853278597221267139848"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","id":"ASB-A-294854926-c0fdb8cd","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["130576089680536536344037578514106496567","124972510390996048002673081655286670014","304790754760881851060894806698575827324","112947201565128364641089025777777922660","39523914723792721698083737087618592613","143134273395999632632466771533559157311","134335022737795770251329799216660606953","21549805784849976879903962811056827916","226126933156987047440362986053037483724","134207623260156721310079654572720950563"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9","id":"ASB-A-294854926-c9629e24","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"246109971278572293455660786350735293608","length":2853},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-cfc1bb84","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"9157070141791544964759663560233365137","length":4510},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-d615ce60","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["62864883837795556395038769934841282591","152724950096426265462179098672602977003","199016575340536779230922651505676499081","208800338443382568773467122031384533390"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","id":"ASB-A-294854926-f9682595","deprecated":false,"signature_version":"v1"}],"types":["EoP"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9"],"spl":"2023-12-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-294854926.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-05"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"64890337561556695552529591354345770620","length":3823},"target":{"function":"btm_sec_mx_access_request","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8","id":"ASB-A-294854926-62563d58","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"47862086917595918524314744637140425822","length":2779},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a","id":"ASB-A-294854926-6d1ea1d6","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"9157070141791544964759663560233365137","length":4510},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a","id":"ASB-A-294854926-7ac3c165","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["72640883571315974401250223963091742820","10831332715061995584754754210053003576","247678602532410717537523742923505432100","125686806664114597449707522274858443984","149702862141601733625195210600101596283","5541387743230517824350027217286894796","326246543653298477335977389305504641561","218663247680270114853278597221267139848"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24","id":"ASB-A-294854926-8231763f","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["327726614591132955930433172871099717903","150713718228937724368047022834802500669","188944822711260041976089381464245873248","164199376099043487722114674449096514495","23620032038652460826050081495759217785","297213598390837072291132050047395006129","327221696050590702682098809278413926844","258687265015304540196780716216700072890","320361581108495589074678686765361193246","336571227219424925835724995270954847657","115427643381435667709037331751617952024","29553329085620064767598501518369690775","170522308103141478552028082718541408689"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a","id":"ASB-A-294854926-863c79ff","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["130576089680536536344037578514106496567","124972510390996048002673081655286670014","304790754760881851060894806698575827324","112947201565128364641089025777777922660","39523914723792721698083737087618592613","143134273395999632632466771533559157311","134335022737795770251329799216660606953","21549805784849976879903962811056827916","226126933156987047440362986053037483724","134207623260156721310079654572720950563"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9","id":"ASB-A-294854926-89f29961","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"53983468789301059142697866019089284215","length":3144},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9","id":"ASB-A-294854926-90a1b3e7","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"215695592036135719644977304772359023020","length":4651},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24","id":"ASB-A-294854926-92a948a1","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["62864883837795556395038769934841282591","152724950096426265462179098672602977003","199016575340536779230922651505676499081","208800338443382568773467122031384533390"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8","id":"ASB-A-294854926-9ab963fc","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["88710778939939341708182668696184595067","316442034712659710033328952761665050987","239601478006897628917834495740462975633","185290641695190860213052543011444003626","66368683702105953488782220688795689462","22481806171367450194091711553814426049","59072545174229000742900569033826009446","77121349886279935010345127709434548406","211573699949862158210065507873481000101","50501308920270220513354876286744260575","154287669510427265633008105313165446521","40497840818941502570794969669981540994","12609281695717453417979954011582625658","191022934420395666287276243622152618880","121179739499933830404999192882733450321","114462787912678077604416508882015537397","79753896944960809786040229503677631995","324387921172300633552126393370693173158","117323551458770150904581659960166190040","263174241450555514913995875450648538592","14865090226669659818693850022332333744","176675532814169278854780150411146545439","337388328990730320040764338873050589091","306411892969702854172529488471529543967","19788115616581493742615304364948347714"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824","id":"ASB-A-294854926-b6f3c1fd","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"118553798505122248232926303275660380254","length":2990},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824","id":"ASB-A-294854926-ccf61271","deprecated":false,"signature_version":"v1"}],"types":["EoP"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/232f4f81a9774196f688e956f50084514110798a","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9878a84e7eebb49ba994a9bbdd2258ecf4b3abb8","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/9e4cef217f1d1e11fb7b74765ec17200e618bc24","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6bacbe908e8ba71422badc6ebff47d3f021e8824","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0a8c39cda12639f0b08f5ca79bff6b5515ab20d9"],"spl":"2023-12-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-294854926.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-05"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"246109971278572293455660786350735293608","length":2853},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-0edcf7c0","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["62864883837795556395038769934841282591","152724950096426265462179098672602977003","199016575340536779230922651505676499081","208800338443382568773467122031384533390"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","id":"ASB-A-294854926-27d7461b","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"227716039357205455596514507040959899397","length":3218},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9","id":"ASB-A-294854926-509a6d29","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"43061959119376664686213669205630250217","length":3687},"target":{"function":"btm_sec_mx_access_request","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","id":"ASB-A-294854926-68de9477","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"9157070141791544964759663560233365137","length":4510},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-77f1e02a","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["88710778939939341708182668696184595067","316442034712659710033328952761665050987","239601478006897628917834495740462975633","185290641695190860213052543011444003626","66368683702105953488782220688795689462","22481806171367450194091711553814426049","59072545174229000742900569033826009446","77121349886279935010345127709434548406","211573699949862158210065507873481000101","50501308920270220513354876286744260575","154287669510427265633008105313165446521","40497840818941502570794969669981540994","12609281695717453417979954011582625658","191022934420395666287276243622152618880","121179739499933830404999192882733450321","114462787912678077604416508882015537397","79753896944960809786040229503677631995","324387921172300633552126393370693173158","117323551458770150904581659960166190040","263174241450555514913995875450648538592","14865090226669659818693850022332333744","176675532814169278854780150411146545439","337388328990730320040764338873050589091","306411892969702854172529488471529543967","19788115616581493742615304364948347714"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","id":"ASB-A-294854926-82751d39","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"215695592036135719644977304772359023020","length":4651},"target":{"function":"btm_sec_l2cap_access_req_by_requirement","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","id":"ASB-A-294854926-91dd5294","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["72640883571315974401250223963091742820","10831332715061995584754754210053003576","247678602532410717537523742923505432100","125686806664114597449707522274858443984","149702862141601733625195210600101596283","5541387743230517824350027217286894796","326246543653298477335977389305504641561","218663247680270114853278597221267139848"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","id":"ASB-A-294854926-acbd93ac","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["130576089680536536344037578514106496567","124972510390996048002673081655286670014","304790754760881851060894806698575827324","112947201565128364641089025777777922660","39523914723792721698083737087618592613","143134273395999632632466771533559157311","134335022737795770251329799216660606953","21549805784849976879903962811056827916","226126933156987047440362986053037483724","134207623260156721310079654572720950563"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9","id":"ASB-A-294854926-b96aaebe","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"7543547725549122498057745148487987420","length":3064},"target":{"function":"btm_sec_execute_procedure","file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","id":"ASB-A-294854926-c18f368c","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["327726614591132955930433172871099717903","197930606696217597035208074150621772822","166794929128900300915561907345180701273","164199376099043487722114674449096514495","23620032038652460826050081495759217785","297213598390837072291132050047395006129","327221696050590702682098809278413926844","258687265015304540196780716216700072890","320361581108495589074678686765361193246","336571227219424925835724995270954847657","115427643381435667709037331751617952024","29553329085620064767598501518369690775","170522308103141478552028082718541408689"]},"target":{"file":"system/stack/btm/btm_sec.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","id":"ASB-A-294854926-e079b535","deprecated":false,"signature_version":"v1"}],"types":["EoP"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1f08f638c91169df84a43b6cd4e04d1aa3a5d554","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/47e6e149f1d4dc557e10033ac9b147d24b37bea9","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c11c2a2bead295edf18cecf682255a498e84133a","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/916b6d3899908ed09f81be131e48933637e4c9ef","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7db69a79091ec0199ddbac2a7b8cf1e0b57631d9"],"spl":"2023-12-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-294854926.json"}}],"schema_version":"1.7.5"}