Full Disclosure mailing list archives
Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
From: Marcin Kozlowski <marcinguy () gmail com>
Date: Sat, 8 Feb 2020 10:10:54 +0100
Hi all,

You can read more here, if you didn't hear about it:
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/

Looking at the patch, if I understood it correctly, it seems all you need is to send fragmented GAP ACL L2CAP data over HCI:
https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf

Can anybody confirm/deny? Has anybody had success doing it?

Starting to work on a PoC/Demo to create such packets:
https://stackoverflow.com/questions/60116790/sending-gap-acl-l2cap-data-packets

Don't have a debuggable device now though ... For me crashing would be enough.

If anybody wants to help on this, feel free to contact me directly or via the list/SO.

Thanks,