Bug 1606203 (CVE-2018-10910) - CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
Summary: CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certa...
Status: NEW
Alias: CVE-2018-10910
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1606371 1606373 1609340
Blocks: 1594633
TreeView+ depends on / blocked
Reported: 2018-07-20 18:55 UTC by Scott Gayou
Modified: 2019-09-29 14:45 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Scott Gayou 2018-07-20 18:55:53 UTC
A bug in bluez prevents the disabling of Bluetooth discoverability. In certain situations, this flaw could potentially lead to the unauthorized pairing of Bluetooth devices.


Comment 1 Scott Gayou 2018-07-20 19:39:13 UTC
Upstream workaround in gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89

Note that the actual bug is not in gnome-bluetooth.

RHEL is not affected as RHEL-7 is running Gnome 3.26, which is not impacted.

Comment 2 Scott Gayou 2018-07-20 19:41:02 UTC
Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 1606371]

Comment 5 Scott Gayou 2018-07-24 15:58:02 UTC

Name: Chris Marchesi

Comment 8 Scott Gayou 2018-07-30 14:48:54 UTC

Disable Bluetooth.

Comment 9 Scott Gayou 2018-08-09 18:14:10 UTC
It appears that a fix was merged upstream and may be available in a future release of BlueZ 5.51. gnome-bluetooth-3.28.2 will take advantage of this fix.

Note You need to log in before you can comment on or make changes to this bug.