Security researchers from Google have found a new set of zero-click vulnerabilities in the Linux Bluetooth software stack. They can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.
The flaws reside in the open-source BlueZ protocol stack. It offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices. The researchers say:
“A remote attacker in short distance knowing the victim’s [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well.”