CVE-2017-13284

Name of the Vulnerable Software and Affected Versions: Android versions 6.0 through 8.1

Description: The issue exists due to insufficient input validation in the config set string function of config.cc. This allows an attacker to escalate privileges remotely by connecting a Bluetooth keyboard without user approval. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations: For Android versions 6.0 through 8.1, consider disabling the Bluetooth keyboard pairing feature until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.