CVE-2022-25750

BUG#111108 - BTHOST memory corruption during music playback and calls over bluetooth headset, BUG#111217 - BTHOST memory corruption during music playback, BUG#111465 - BTHOST memory corruption during music playback and calls over bluetooth headset, BUG#111493 - BTHOST memory corruption while playing music and calls over bluetooth headset

BTHOST memory corruption while playing music and calls over bluetooth headset in Snapdragon Mobile

In the second quarter of 2018, we started to receive reports about a new kind of BTHOST memory corruption that is not related to a certain Android version or to a change of software. In fact, the issue is related to hardware, to the nature of the SoC used by a device.
Starting from April 2018, a number of reports about a double free in BTHOST started to appear on our community forum. The reports stated that while playing music with a Bluetooth headset the mobile phone encountered BTHOST memory corruption and the device became unresponsive. The same issues were noticed during calls over the Bluetooth headset. As soon as the user unplugs the headset and then plugs it in again, the phone starts to work normally again. The double free issue is related to the nature of

What is the BTHOST memory and how does it work?

The BTHOST is the bluetooth Host Controller which handles the communications between the mobile phone and a Bluetooth device. The memory pool of this controller can be used as a buffer to store data transmitted over the bluetooth connection.

How does the BTHOST work?

The BTHOST is a set of modules that are used in the Snapdragon Mobile platform. They work as a part of the audio pipeline and include an audio processing unit, a power management unit, and one or more Bluetooth radio transceivers (also referred to as radios).
BTHOST memory corruption can be caused by low power or higher noise conditions or if there is a condition called "double free". Double free means that two pointers point to the same memory location.
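To illustrate the double free failure mode described above from the defensive side, here is an added example (not Qualcomm's code and not taken from this advisory) of a fixed-size buffer pool that tracks slot ownership and rejects a second release of the same slot instead of corrupting its bookkeeping. The pool layout, slot counts and the `pool_*` function names are all constructed for this example; the scenario mirrors two consumers (a music stream and a call) that end up holding a handle to the same pool slot.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size buffer pool, loosely modelled on a host-controller
 * packet pool. Sizes and names are constructed for this example. */
#define POOL_SLOTS 4
#define SLOT_BYTES 64

typedef struct {
    unsigned char data[POOL_SLOTS][SLOT_BYTES];
    int in_use[POOL_SLOTS];     /* ownership flag per slot: 1 = handed out */
    int double_release_count;   /* number of rejected (double) releases */
} buffer_pool;

void pool_init(buffer_pool *p) {
    memset(p, 0, sizeof *p);
}

/* Hands out the first free slot; returns -1 when the pool is exhausted. */
int pool_acquire(buffer_pool *p) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!p->in_use[i]) {
            p->in_use[i] = 1;
            return i;
        }
    }
    return -1;
}

/* Returns 1 on a valid release. Returns 0 and records the event when the slot
 * is out of range or is not currently owned, which is exactly the double
 * release case: the slot is left untouched rather than freed twice. */
int pool_release(buffer_pool *p, int slot) {
    if (slot < 0 || slot >= POOL_SLOTS || !p->in_use[slot]) {
        p->double_release_count++;
        return 0;
    }
    p->in_use[slot] = 0;
    return 1;
}

/* Two consumers (constructed scenario: a music stream and a call) both hold a
 * handle to the same slot and both release it. The pool accepts the first
 * release and rejects the second. Returns the number of rejected releases. */
int simulate_shared_release(void) {
    buffer_pool pool;
    pool_init(&pool);
    int slot = pool_acquire(&pool);
    int music_handle = slot;
    int call_handle = slot;
    pool_release(&pool, music_handle);
    pool_release(&pool, call_handle);   /* double release, rejected */
    return pool.double_release_count;
}

/* Sanity path: acquire every slot, confirm exhaustion is reported, release all
 * slots once each, and confirm no release was rejected. Returns 1 on success. */
int simulate_clean_roundtrip(void) {
    buffer_pool pool;
    pool_init(&pool);
    int handles[POOL_SLOTS];
    for (int i = 0; i < POOL_SLOTS; i++) {
        handles[i] = pool_acquire(&pool);
        if (handles[i] < 0) return 0;
    }
    if (pool_acquire(&pool) != -1) return 0;   /* pool must report exhaustion */
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool_release(&pool, handles[i])) return 0;
    }
    return pool.double_release_count == 0;
}

int main(void) {
    printf("rejected double releases in shared scenario: %d\n",
           simulate_shared_release());
    printf("clean round trip ok: %d\n", simulate_clean_roundtrip());
    return 0;
}
```

The `double_release_count` field is the detection hook: in a real pool it is the kind of counter that would be surfaced as a diagnostic so that a release arriving for a slot nobody owns is logged and investigated rather than silently corrupting the pool.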

What is BTHOST?

The Bluetooth Host controller interface (BTHOST) is a component of the Windows CE kernel architecture, which provides host-to-device level services for use with the Bluetooth wireless technology. BTHOST is primarily responsible for sending and receiving packets from a paired device and is also used to help manage signals in the vicinity of the phone.

Timeline

Published on: 10/19/2022 11:15:00 UTC
Last modified on: 10/20/2022 21:09:00 UTC

References