Headline
CVE-2021-3658: Device is still discoverable even when gnome bluetooth settings panel is not open (CVE-2021-3658) (#89) · Issues · GNOME / gnome-bluetooth
bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
Arch Linux
Gnome: version 40.2.0
Bluez: version 5.59
Kernel: Linux version 5.12.10-arch1-1
I seem to have the exact issue mentioned here #3 (closed) I have bluetooth devices connected but after I close Gnome settings or leave the bluetooth part of settings I would expect the computer to be not discoverable by other devices. However I’ve noticed I can see my laptop and the name I set for it when I open bluetooth scanning on other devices like my Android phone. If there is a fix it’s not working and if there is some sort of file configuration I need to set I don’t know what that would be.
Does anyone here know what would be going on here? And what logs should I even take for this if I need to?
Edited Jul 27, 2021 by
Related news
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]