Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-Based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Sony XAV-AX8500 Bluetooth L2CAP protocol implementation. This vulnerability allows network-adjacent attackers to execute arbitrary code on the affected device. Exploitation requires the ability to pair a malicious Bluetooth device with the target system. The flaw arises from inadequate validation of user-supplied data length before it is copied to a heap-based buffer, enabling attackers to execute code within the context of the elysian-bt-service process.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Sony has released a firmware update to address this vulnerability. The update can be downloaded from the Sony support website for the XAV-AX8500 model. Users can update the firmware via the Internet using USB tethering with their smartphone or by using a USB storage device and their computer.