OpenSynergy BlueSDK Bluetooth Stack Use-After-Free Vulnerability Leading to Remote Code Execution

Vulnerability

A use-after-free vulnerability has been identified in the OpenSynergy BlueSDK Bluetooth stack, affecting versions through 6.x. This vulnerability arises from the Bluetooth stack's failure to validate the existence of an object before performing operations on it. An attacker can exploit this flaw to achieve remote code execution, executing arbitrary code in the context of the user account under which the Bluetooth process operates.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device, with the executed code running under the user account associated with the Bluetooth process.

Reproduction

The vulnerability can be reproduced on devices with OpenSynergy BlueSDK integrated into their Bluetooth stack, particularly in-vehicle infotainment systems. After pairing, the vulnerability can be exploited to gain a reverse shell over TCP/IP, with the Bluetooth process running under user permissions.

Remediation

OpenSynergy has released patches for this vulnerability, which are available to customers. However, not all automotive manufacturers have applied the patch yet.

Added: Sep 12, 2025, 5:19 PM
Updated: Sep 12, 2025, 6:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 7.7
relevance: 0.5
threat: 6.5
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.