Bluetooth Adapter Exposure in BlueZ by Bluez Project
CVE-2021-3658

6.5MEDIUM

Key Information:

Vendor: Bluez
Status: Bluez
Vendor: CVE Published:; 2 March 2022

🔔 Create Bluez Vulnerability Alert

What is CVE-2021-3658?

The Bluetooth daemon in BlueZ has a flaw where it improperly saves the Discoverable status of Bluetooth adapters. When a device that is set to discoverable is powered down, it retains this discoverable status when powered up again. This presents a security risk, allowing nearby attackers the potential to detect and connect to the device without authorization, compromising the integrity of the Bluetooth stack.

Affected Version(s)

bluez Fixedin - 5.61 and above.

References

https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89

x_refsource_MISC

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit...

x_refsource_MISC

https://github.com/bluez/bluez/commit/b497b5942a8beb8f89c...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Jul 22, 2021

.

CVE-2021-3658 : Bluetooth Adapter Exposure in BlueZ by Bluez Project