CVE-2017-13284 : Injection in configuration file

Hey ! Android Bulletin Security of April is now released and I am authorized to talk about my last (and first \o/) CVE I found in the bluedroid Android subsystem. The vulnerability CVE-2017-13284 affects all versions from 6.0 and is rated as Critical. It is described as following: In config_set_string of config.cc, it is possible to pair a second BT…