CVE-2020-0022

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 10

Description The issue is related to a possible out of bounds write due to an incorrect bounds calculation in the Bluetooth stack, which could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. This could potentially be exploited to create worms that affect neighboring devices.

Recommendations For Android versions 8.0 through 10, apply the February 2020 security patch to resolve the issue. As a temporary workaround, consider disabling Bluetooth to minimize the risk of exploitation. Restrict access to the Bluetooth stack to minimize the risk of exploitation. Avoid using vulnerable Bluetooth functions until the issue is resolved.