Published: 13/02/2020 Updated: 18/02/2020
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Google Android could allow a remote malicious user to execute arbitrary code on the system, caused by an error in the Bluetooth implementation. By using a specially crafted transmission, an attacker could exploit this vulnerability to execute arbitrary code with the privileges of the Bluetooth daemon.

Affected Products

Vendor | Product | Versions
Google | Android | 8.0, 8.1, 9.0, 10.0

Mailing Lists

OK, I think I got it the condition
Below is Mobile (Android) Bluetooth subsystem log:
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter: reassemble_and_dispatch reassemble_and_dispatch
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter: reassemble_and_dispatch partial_packet->offset 21 packet->len 683 HCI_ACL_PREAMBLE_SIZE 4 ...

Hi all, You can read more here, if you didn't hear about it: insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Looking at the patch, when I understood it correctly, it seems all you need to send fragmented GAP ACL L2CAP data over HCI: android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d7 ...

Recent Articles

Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
Threatpost • Lindsey O'Donnell • 07 Feb 2020

A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution (RCE) attacks – without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw (CVE-2020-0022), which was patched earlier this week as part of Google’s February Android Security Bulletin. The RCE bug poses a critical-severity threat to Android versions Pie (9.0) and Oreo (8.0, 8.1), which account for almo...

Critical Bluetooth bug leaves Android users open to attack
welivesecurity • Tomáš Foltýn • 07 Feb 2020

Google has rolled out a security update to address a critical flaw in Android’s Bluetooth implementation that allows remote code execution without user interaction.
The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google.
According to German IT security provider ERNW, which discovered the ‘wormab...

Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
The Register • Shaun Nichols in San Francisco • 07 Feb 2020

'Pwned with a broadcast' bug among 25 to be patched by Google

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.
Designated CVE-2020-0022, the flaw was discovered and reported by researchers with German company ERNW who say a fix has been in the works since November.
"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled," the team explained.

Critical Android Bluetooth Flaw Exploitable without User Interaction
BleepingComputer • Ionut Ilascu • 06 Feb 2020

Android users are urged to apply the latest security patches released for the operating system on Monday that address a critical vulnerability in the Bluetooth subsystem.
An attacker could leverage the security flaw, now identified as CVE-2020-0022, without user participation to run arbitrary code on the device with the elevated privileges of the Bluetooth daemon when the wireless module is active.
Discovered and reported by Jan Ruge at the Technische Universität Darmstadt, Secure M...

Two Critical Android Bugs Get Patched in February Update
Threatpost • Tom Spring • 04 Feb 2020

Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data.
Tracked as CVE-2020-0022, the remote code execution (RCE) bug ...