CVE-2018-10910

Published: 24 July 2018

A bug in BlueZ may allow the Bluetooth Discoverable state to be set to on when no Bluetooth agent is registered with the system. This could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Priority

Low

CVSS 3 base score: 3.3

Status

Package Release Status
bluez
Upstream: Released (5.51)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (5.52-0ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): Ignored
Ubuntu 16.04 LTS (Xenial Xerus): Ignored
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)
Patches:
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=2796d545e82659541333050557d5dbb89a295ae7
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=ee863d9d5dd45b183ba6b0b45455498cd88b8663
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6324acf2012ec444f67c73a42d3991064a69eec6
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=45969a7a7335eaa47c52b76b9e32c28d680dc031
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bbf1cd0102a4de658ca596dddb48713124f1fd41
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=170ff3b81fdd9902c0b41bfd37ea0090cdb22830
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9a57d90628224fa6525e4eebf1e97f713918bb3b
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=4f162b557a963cc21f7f1933e9abf3876f283b38
gnome-bluetooth
Upstream: Released (3.28.1)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (3.28.2-3)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.28.0-2ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (3.18.2-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [3.8.2.1-0ubuntu4.2])

Notes

AuthorNote
mdeslaur
actual bug in bluez, but there is a work-around in gnome-bluetooth
https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
gnome-bluetooth <=3.26 used synchronous d-bus calls, so the
issue doesn't present itself
the bluez patches add new functionality that newer versions of
gnome-bluetooth can use to fix this issue. Since the
workaround was applied to gnome-bluetooth, we aren't going to
add these commits to bluez. Marking as ignored.
