A vulnerability called BlueFrag was found in some Android systems. A remote attacker within proximity could exploit the vulnerability by sending a specially crafted transmission to an affected system while the Bluetooth is enabled.
Successful exploitation could lead to arbitrary command execution or denial of service on an affected system.
Some manufacturers have fixed or have planned to fix the vulnerabilities in their Android systems as listed below. The list is not exhaustive and it is recommended to consult the product vendors to confirm the availability of patches. If patches are available, users should upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk.
Users are also advised to follow the security best practice to disable the Bluetooth connection when not in use.
https://source.android.com/security/bulletin/2020-02-01
https://www.hkcert.org/my_url/en/alert/20020401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022