CVE-2020-0022: 
NixOS vulnerability analysis and mitigation

CVE-2020-0022, also known as BlueFrag, is a critical Bluetooth vulnerability discovered in Android's Bluetooth component. The vulnerability was identified in the reassemble_and_dispatch function of packet_fragmenter.cc, affecting Android versions 8.0, 8.1, 9, and 10. The flaw was discovered and reported to Google by experts from German cyber-security firm ERNW and was publicly disclosed in February 2020 (ZDNET).

The vulnerability stems from an incorrect bounds calculation in the reassemble_and_dispatch function of packet_fragmenter.cc, which could lead to an out-of-bounds write condition. The issue occurs when processing fragmented GAP ACL L2CAP data over HCI. On Android 10, the vulnerability only causes a crash of the Bluetooth daemon, while on Android 8 and 9, it can lead to code execution. The vulnerability requires only the Bluetooth MAC address of the target device, which in some cases can be derived from the WiFi MAC address (ZDNET).

The vulnerability allows attackers to execute arbitrary code with the privileges of the Bluetooth daemon without requiring any user interaction. This remote code execution capability could lead to theft of personal data and potentially be used to spread malware in a worm-like fashion, creating self-spreading Bluetooth worms (ZDNET).

Google released patches for this vulnerability in the Android February 2020 Security Bulletin. For users unable to update their devices, recommended mitigations include only enabling Bluetooth when strictly necessary and keeping devices non-discoverable. Most devices are only discoverable when entering the Bluetooth scanning menu, though some older phones might be permanently discoverable (ZDNET, Huawei Advisory).