CVE-2024-49747
Published: 21 January 2025
Description
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Security Summary
CVE-2024-49747 is a vulnerability in the gatts_process_read_by_type_req function within gatt_sr.cc, part of the Android Bluetooth Low Energy (BLE) GATT server implementation. It arises from a logic error that enables an out-of-bounds write, potentially leading to remote code execution without requiring additional execution privileges.
The vulnerability can be exploited remotely by any unauthenticated attacker over the network via Bluetooth, with low complexity and no need for user interaction. Successful exploitation grants high-impact remote code execution, compromising confidentiality, integrity, and availability, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and association with CWE-94 (Improper Control of Generation of Code).
The Android Security Bulletin for 2025-01-01 addresses this issue with patches; practitioners should consult https://source.android.com/security/bulletin/2025-01-01 for detailed mitigation steps and update deployment guidance.
Details
- CWE(s)