A bug in bluez prevents the disabling of Bluetooth discoverability. In certain situations, this flaw could potentially lead to the unauthorized pairing of Bluetooth devices. References: https://bugzilla.redhat.com/show_bug.cgi?id=1602985
Upstream workaround in gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 Note that the actual bug is not in gnome-bluetooth. RHEL is not affected as RHEL-7 is running Gnome 3.26, which is not impacted.
Created bluez tracking bugs for this issue: Affects: fedora-all [bug 1606371]
Acknowledgments: Name: Chris Marchesi
Mitigation: Disable Bluetooth.
It appears that a fix was merged upstream and may be available in a future release of BlueZ 5.51. gnome-bluetooth-3.28.2 will take advantage of this fix.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1101 https://access.redhat.com/errata/RHSA-2020:1101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-10910
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1912 https://access.redhat.com/errata/RHSA-2020:1912