CVE-2024-49747
published 2025-01-21

Priority: P2 60 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% (36.5th percentile)
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (17 ranges)

Vendor     Product                      Version range                      Fixed in
google     android                      (11 ranges; version details were not extracted on this page)
platform   packages_modules_bluetooth   >= 13:0 < 13:2025-01-01            13:2025-01-01
platform   packages_modules_bluetooth   >= 14:0 < 14:2025-01-01            14:2025-01-01
platform   packages_modules_bluetooth   >= 15-next:0 < 15-next:2025-01-01  15-next:2025-01-01
platform   packages_modules_bluetooth   >= 15:0 < 15:2025-01-01            15:2025-01-01
platform   system_bt                    >= 12:0 < 12:2025-01-01            12:2025-01-01
platform   system_bt                    >= 12L:0 < 12L:2025-01-01          12L:2025-01-01

Detection & IOCs (extracted from sources)

  • Vulnerability is in the Bluetooth GATT server function `gatts_process_read_by_type_req` in `gatt_sr.cc` — monitor for anomalous Bluetooth GATT Read By Type Request traffic targeting Android devices, particularly crafted ATT requests that could trigger out-of-bounds writes in the GATT server layer.
  • No user interaction is required and no additional privileges are needed — the attack surface is purely remote over Bluetooth, making any unauthenticated GATT Read By Type Request to an affected Android device a potential exploitation vector.
  • Affected Android versions are 12, 12L, 13, 14, and 15 — prioritize detection and patching on devices running these AOSP versions exposed via Bluetooth.
  • This is a CRITICAL-severity RCE with no privileges or user interaction required, addressed in the Android Security Bulletin dated 2025-01-01. Patch availability is tied to OEM distribution; unpatched devices remain fully exposed over Bluetooth without any user action.