bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1984728 | Issue Tracking Patch Third Party Advisory |
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 | Patch Third Party Advisory |
https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 | Patch Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220407-0002/ | Third Party Advisory |
Configurations
History
03 Jun 2022, 16:22
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220407-0002/ - Third Party Advisory |
08 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Mar 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 - Patch, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1984728 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 6.5 |
02 Mar 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-02 23:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-3658
Mitre link : CVE-2021-3658
CVE.ORG link : CVE-2021-3658
JSON object : View
Products Affected
bluez
- bluez
fedoraproject
- fedora
CWE
CWE-863
Incorrect Authorization