The vulnerability of the config_set_string function in the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the configsetstring function in config.cc in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges by connecting a Bluetooth keyboard remotely...

Input validation

In configsetstring of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVE-2017-13284

CVE-2017-13284 affects Android (Android 6.0 to 8.1). It is caused by improper input validation in config_set_string of config.cc, allowing a second Bluetooth keyboard to be paired without user approval, leading to remote elevation of privilege with no user interaction required. The Android bullet...

Google Android elevation of privilege vulnerability (CNVD-2018-07850)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the configsetstring of the config.cc file in Android, which stems from the program failing to perform input validation correctly....