CVE-2021-3658

EPSS 0.07%
Veröffentlicht 02.03.2022 23:15:08
Zuletzt bearbeitet 04.11.2025 16:15:43
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bluez ≫ Bluez Version < 5.61

Fedoraproject ≫ Fedora Version34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.214

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://bugzilla.redhat.com/show_bug.cgi?id=1984728

Patch

Third Party Advisory

Issue Tracking

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055

Patch

Third Party Advisory

https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055

Patch

Third Party Advisory

https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89

Patch