In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out-of-bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-143894715

Vulnerable Product |
---|
google android 8.0 |
google android 8.1 |
google android 9.0 |
google android 10.0 |
huawei mate_20_firmware |
huawei mate_20_pro_firmware |
huawei mate_20_x_firmware |
huawei p_smart_firmware |
huawei p_smart_2019_firmware |
huawei p20_firmware |
huawei p20_pro_firmware |
huawei p30_firmware |
huawei p30_pro_firmware |
huawei y6_2019_firmware |
huawei y6_pro_2019_firmware |
huawei y9_2019_firmware |
huawei nova_3_firmware |
huawei nova_lite_3_firmware |
huawei honor_8a_firmware |
huawei honor_8x_firmware |
huawei honor_view_20_firmware |
huawei mate_30_pro_firmware |
huawei mate_30_firmware |
huawei mate_30_pro_5g_firmware |
huawei mate_30_5g_firmware |

'Pwned with a broadcast' bug among 25 to be patched by Google

Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth. Designated CVE-2020-0022, the flaw was discovered and reported by researchers with German company ERNW who say a fix has been in the works since November. "On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled," the team explained. "No user inter...