USN-6540-1: BlueZ vulnerability
7 December 2023
BlueZ could be made to give a physically proximate attacker keyboard and mouse control of a computer.
- bluez - Bluetooth tools and daemons
It was discovered that BlueZ did not properly restrict non-bonded devices
from injecting HID events into the input subsystem. This could allow a
physically proximate attacker to inject keystrokes and execute arbitrary
commands whilst the device is discoverable.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.