CVE-2024-49748
published 2025-01-21


Priority: P262 · critical · CVSS 3.1: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.41% (32.6th percentile)
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2025-01-01 | 13:2025-01-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2025-01-01 | 14:2025-01-01 |
| platform | packages_modules_bluetooth | >= 15-next:0 < 15-next:2025-01-01 | 15-next:2025-01-01 |
| platform | packages_modules_bluetooth | >= 15:0 < 15:2025-01-01 | 15:2025-01-01 |
| platform | system_bt | >= 12:0 < 12:2025-01-01 | 12:2025-01-01 |
| platform | system_bt | >= 12L:0 < 12L:2025-01-01 | 12L:2025-01-01 |

Detection & IOCs

  • Vulnerability is in the function `gatts_process_primary_service_req` within `gatt_sr.cc` — monitor for heap buffer overflow conditions in the Android GATT server processing path, particularly during primary service request handling over Bluetooth.
  • No user interaction is required and no additional privileges are needed — this is a zero-click remote attack vector over Bluetooth GATT, making it exploitable by any nearby Bluetooth device without pairing or user action.
  • Affected Android versions are 12, 12L, 13, 14, and 15 — prioritize detection and patching on devices running these AOSP versions; the vulnerability is rated CRITICAL RCE.
  • The Android Security Bulletin internal tracking reference is A-364025411; patch availability is tied to the 2025-01-01 Android Security Bulletin.