| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAP6wrbU1KLqRZiEcJMFT5FgetNC1JmkvfsS_MAg+LwLS1L4-tw@mail.gmail.com> Date: Sat, 8 Feb 2020 10:10:54 +0100 From: Marcin Kozlowski <marcinguy@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag Hi all, You can read more here, if you didn't hear about it: https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/ Looking at the patch, when I understood it correctly, it seems all you need to send fragmented GAP ACL L2CAP data over HCI: https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf Anybody can confirm/deny? Anybody had success on doing it? Starting to work on PoC/Demo to crate such a packets: https://stackoverflow.com/questions/60116790/sending-gap-acl-l2cap-data-packets Don't have a debugable device now though ... For me crashing would be enough. If anybody want to help on this, feel free to contact me directly or via the list/SO. Thanks, _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists