Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Sony XAV-AX8500 media receiver, stemming from an integer overflow in the Bluetooth packet handling process. This issue allows network-adjacent attackers to execute arbitrary code on the device by first pairing a malicious Bluetooth device with it. The vulnerability arises from inadequate validation of user-supplied data, leading to the overflow before data is written to memory. Exploitation of this flaw allows code execution within the context of the elysian-bt-service process.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Sony has released a firmware update to address this vulnerability. The update can be downloaded from the Sony support website for the XAV-AX8500 model. Users can update the firmware via the Internet using USB tethering with their smartphone or by using a USB storage device and their computer.