bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically proximate attackers.
Related issue: CVE-2018-10910 (bz#1606203).
Upstream commit: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8
Created bluez tracking bugs for this issue: Affects: fedora-all [bug 1986232]