Launchpad.net

CVE 2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Related bugs and status

CVE-2018-10910 (Candidate) is related to these bugs:

Bug #1791405: bluetooth always in discoverable mode (security issue)

		In	Importance	Status
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Ubuntu)	Medium	Fix Released
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Fedora)	Undecided	Won't Fix
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Ubuntu Disco)	Medium	Fix Released
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Ubuntu Cosmic)	Medium	Fix Released
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Ubuntu Bionic)	Medium	Fix Released
1791405	bluetooth always in discoverable mode (security issue)	bluez (Ubuntu)	Medium	Triaged
1791405	bluetooth always in discoverable mode (security issue)	gnome-bluetooth (Ubuntu Focal)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://usn.ubuntu.com...
MISC: https://bugzilla.redha...