Android BnBluetoothGattServer / BnBluetoothGattServerCallback IPC Memory Corruption

Discussion in 'News Aggregator' started by Packet Storm, 11 Mar 2016.

  1. Packet Storm

    Packet Storm Guest

    The SEND_RESPONSE_TRANSACTION and SEND_NOTIFICATION_TRANSACTION IPC calls in BnBluetoothGattServer::onTransact are vulnerable to stack corruption which could allow an attacker to locally elevate privileges to the level of the bluetooth service.
