bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically proximate attackers.
Related issue: CVE-2018-10910 (bz#1606203).
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 1986232]