CVE-2024-49747
Published 2025-01-21
CVE-2024-49747: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code…
Priority: P2 60
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% (36.5th percentile)
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2025-01-01 | 13:2025-01-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2025-01-01 | 14:2025-01-01 |
| platform | packages_modules_bluetooth | >= 15-next:0 < 15-next:2025-01-01 | 15-next:2025-01-01 |
| platform | packages_modules_bluetooth | >= 15:0 < 15:2025-01-01 | 15:2025-01-01 |
| platform | system_bt | >= 12:0 < 12:2025-01-01 | 12:2025-01-01 |
| platform | system_bt | >= 12L:0 < 12L:2025-01-01 | 12L:2025-01-01 |
Detection & IOCs
- The vulnerability is in the Bluetooth GATT server function `gatts_process_read_by_type_req` in `gatt_sr.cc`. Monitor for anomalous Bluetooth GATT Read By Type Request traffic targeting Android devices, particularly crafted ATT requests that could trigger out-of-bounds writes in the GATT server layer.
- No user interaction is required and no additional privileges are needed. The attack surface is purely remote over Bluetooth, making any unauthenticated GATT Read By Type Request to an affected Android device a potential exploitation vector.
- Affected Android versions are 12, 12L, 13, 14, and 15. Prioritize detection and patching on devices running these AOSP versions exposed via Bluetooth.
- This is a CRITICAL-severity RCE with no privileges or user interaction required, addressed in the Android Security Bulletin dated 2025-01-01. Patch availability is tied to OEM distribution; unpatched devices remain fully exposed over Bluetooth without any user action.
Android
CVE-2024-49747: Android Security Bulletin 2025-01-01
CVE: CVE-2024-49747
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 12, 12L, 13, 14, 15
References: A-364027
vendor_android·2025-01-01·CVSS 9.8
Android Security Bulletin 2025-01-01
CVE: CVE-2024-49747
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 12, 12L, 13, 14, 15
References: A-364027038
GHSA
GHSA-p2xw-hr6c-g7h5: In gatts_process_read_by_type_req of gatt_sr
ghsa_unreviewed·2025-01-22
CVE-2024-49747 [CRITICAL] CWE-787 GHSA-p2xw-hr6c-g7h5: In gatts_process_read_by_type_req of gatt_sr
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2024-49747: In gatts_process_read_by_type_req of gatt_sr
osv·2025-01-01
CVE-2024-49747 CVE-2024-49747: In gatts_process_read_by_type_req of gatt_sr
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-21