CVE-2021-3658

EPSS 0.06%
Published 02.03.2022 23:15:08
Last modified 21.11.2024 06:22:05
Source secalert@redhat.com
Teams watchlist Login
Open Login

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Bluez ≫ Bluez Version < 5.61

Fedoraproject ≫ Fedora Version34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://bugzilla.redhat.com/show_bug.cgi?id=1984728

Patch

Third Party Advisory

Issue Tracking

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055

Patch

Third Party Advisory

https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055

Patch

Third Party Advisory

https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89

Patch