Moradek

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue concerns an improper isolation authentication bypass vulnerability in the Bluetooth functionality. It was discovered by Mikhail Evdokimov from PCAutomotive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to an integer overflow in the Bluetooth SDP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the Bluetooth AVCTP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine iLX-507 (affected versions not specified) **Description** A stack-based buffer overflow vulnerability exists in the Apple CarPlay protocol implementation of the Alpine iLX-507. This flaw allows a physically present attacker to execute arbitrary code on affected devices without authentication. The vulnerability is due to insufficient validation of user-supplied data length before copying it into a fixed-length stack-based buffer, potentially leading to code execution in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.