BleedingBit affects Wi-Fi access points.
Armis reports finding two zero-day flaws in Texas Instruments' Bluetooth Low-Energy chips. These are widely used in Wi-Fi access points, including enterprise access points like those manufactured by Aruba, Cisco and Meraki. Armis calls the issue "Bleeding Bit."
The first of the two flaws involves flipping the highest bit in a Bluetooth packet, which causes a memory overflow: the memory "bleeds." Once the device is in that condition, it's possible for an attacker to run malicious code on it. This problem affects Cisco and Meraki equipment. The other bug exploits the device's failure to properly authenticate apparently trusted firmware updates. This problem affects Aruba devices. The absence of proper checks could enable an attacker to install malicious firmware.
This sounds like, and has been characterized as, a remote code execution vulnerability, but as TechCrunch points out, that's not literally true, since the flaw can't be exploited over the Internet. An attacker would have to be within Wi-Fi range, which is typically a hundred meters or less, perhaps greater with a good directional antenna. It's enough range for a wardriver parked next to an office building, for example. Once connected, an attacker can gain access to any network using the Wi-Fi access point.
Texas Instruments and the device manufacturers have issued patches since the vulnerability was disclosed to them in July. Texas Instruments has criticized Armis, which hasn't published exploit code, for allegedly exaggerating and misrepresenting the issue (TechCrunch), but Texas Instruments has nonetheless patched. Cisco and Aruba also have patches available (Threatpost).
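To illustrate the first flaw's bug class from the defender's side, the added example below (not code from Armis, Texas Instruments or any vendor) shows how a single flipped high bit in a length byte can exceed a receive buffer, and the bounds checks that stop it. The header layout, names and sizes are assumptions constructed for illustration, not the real BLE packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (an assumption, not the real BLE header or TI code):
 * one header byte, low 6 bits = payload length, top 2 bits reserved (zero). */
#define LEN_MASK    0x3Fu
#define MAX_PAYLOAD 63u            /* largest value 6 bits can hold */

struct rx_buf { uint8_t data[MAX_PAYLOAD]; size_t len; };

/* Length a naive parser would trust: the whole byte. With the highest bit
 * set this is at least 128, more than twice the buffer size. */
size_t naive_len(uint8_t hdr) { return hdr; }

/* Hardened parse: reject set reserved bits, then check the length against
 * both the destination buffer and the bytes actually received. */
int parse_packet(const uint8_t *pkt, size_t pkt_len, struct rx_buf *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 1) return -1;
    uint8_t hdr = pkt[0];
    if (hdr & ~LEN_MASK) return -2;          /* reserved/high bit set */
    size_t n = hdr & LEN_MASK;
    if (n > sizeof out->data) return -3;     /* defence in depth */
    if (n > pkt_len - 1) return -4;          /* header claims more than sent */
    memcpy(out->data, pkt + 1, n);
    out->len = n;
    return 0;
}

int main(void)
{
    /* Constructed sample packets: same payload, highest header bit flipped. */
    const uint8_t ok[]      = {0x03, 'a', 'b', 'c'};
    const uint8_t flipped[] = {0x83, 'a', 'b', 'c'};
    struct rx_buf b;

    printf("normal:  rc=%d\n", parse_packet(ok, sizeof ok, &b));
    printf("flipped: naive length=%zu (buffer=%u), hardened rc=%d\n",
           naive_len(flipped[0]), MAX_PAYLOAD,
           parse_packet(flipped, sizeof flipped, &b));
    return 0;
}
```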