The HID Profile in multiple Bluetooth host stacks may accept connections with the HID control and HID interrupt channels of the HID Host role without MITM protection/mitigation and without user confirmation on the Central role device. This can permit a device like a keyboard (or emulating a keyboard) to successfully connect to a discoverable device without confirmation and permit keystroke injection.

Patch: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Created bluez tracking bugs for this issue: Affects: fedora-all [bug 2253392]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9413 https://access.redhat.com/errata/RHSA-2024:9413
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:11154 https://access.redhat.com/errata/RHSA-2024:11154
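
A defender-side configuration check, added here as an example and not part of this bug report or of BlueZ: it reads a BlueZ `input.conf` and reports whether the `ClassicBondedOnly` option in `[General]` restricts HID connections to bonded devices. That this option is the relevant setting, the path `/etc/bluetooth/input.conf`, the function names and the sample file contents are assumptions or constructed for illustration.

```python
import configparser

# Constructed sample files, not taken from any real host.
SAMPLE_WEAK = "[General]\nIdleTimeout=30\nClassicBondedOnly=false\n"
SAMPLE_HARDENED = "[General]\nClassicBondedOnly=true\n"
SAMPLE_UNSET = "[General]\n#ClassicBondedOnly=true\n"


def classic_bonded_only(conf_text):
    """Return 'enforced', 'disabled' or 'unset' for ClassicBondedOnly.

    'unset' means the daemon's built-in default applies, so the result
    depends on whether the installed bluez package carries the fix.
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, comment_prefixes=("#",)
    )
    parser.optionxform = str  # key names in GLib key files are case-sensitive
    parser.read_string(conf_text)
    if not parser.has_option("General", "ClassicBondedOnly"):
        return "unset"
    value = parser.get("General", "ClassicBondedOnly").strip()
    # GLib key-file booleans are exactly true/false/1/0; anything else
    # (including "True") is rejected rather than guessed at.
    if value in ("true", "1"):
        return "enforced"
    if value in ("false", "0"):
        return "disabled"
    raise ValueError(f"unparseable ClassicBondedOnly value: {value!r}")


def audit(path="/etc/bluetooth/input.conf"):
    """Audit a file on disk; a missing file also means the default applies."""
    try:
        with open(path, encoding="utf-8") as fh:
            return classic_bonded_only(fh.read())
    except FileNotFoundError:
        return "unset"


if __name__ == "__main__":
    samples = {"weak": SAMPLE_WEAK, "hardened": SAMPLE_HARDENED, "unset": SAMPLE_UNSET}
    for name, text in samples.items():
        print(f"{name}: {classic_bonded_only(text)}")
    print(f"this host: {audit()}")
```

A result of `unset` is not a pass on its own: pair it with a check that the installed bluez package is at or beyond the errata listed above.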