Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-Based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Sony XAV-AX8500 Bluetooth AVCTP protocol implementation. This vulnerability allows network-adjacent attackers to execute arbitrary code on the affected device. Exploitation requires the attacker to pair a malicious Bluetooth device with the target system. The vulnerability arises from inadequate validation of user-supplied data length before it is copied to a heap-based buffer, enabling code execution in the context of the current process.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Sony has released a firmware update to address this vulnerability. The update can be downloaded from the Sony support website for the XAV-AX8500 model. Users can update the firmware via the Internet using USB tethering with a smartphone or by using a USB storage device and a computer.