Bug 2253391 (CVE-2023-45866) - CVE-2023-45866 bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
Keywords:
Status: NEW
Alias: CVE-2023-45866
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2253392
Blocks: 2253393
Reported: 2023-12-07 05:02 UTC by TEJ RATHI
Modified: 2023-12-18 05:12 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the HID Profile in BlueZ that allows unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, which lets a physically close attacker inject keystrokes and execute arbitrary commands when the device is in a discoverable state.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description TEJ RATHI 2023-12-07 05:02:07 UTC
The HID Profile in multiple Bluetooth host stacks may accept connections with the HID control and HID interrupt channels of the HID Host role without MITM protection/mitigation and without user confirmation on the Central role device. This can permit a device like a keyboard (or emulating a keyboard) to successfully connect to a discoverable device without confirmation and permit keystroke injection.

Patch: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
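
Added example, not part of the bug report or of BlueZ itself: the upstream commit linked above changes the default of the `ClassicBondedOnly` option in BlueZ's `input.conf` to true, so a host can be audited for an explicit override that still lets non-bonded HID devices connect. The path `/etc/bluetooth/input.conf` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not BlueZ project code): audit input.conf for ClassicBondedOnly.
# Simplified key-file parsing: '#' comments, [Group] headers, last valid key wins.

# Prints "enforced", "disabled" or "unset" for the [General] group of file $1.
classic_bonded_only_state() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        BEGIN { state = "unset"; group = "" }
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }                 # commented-out keys do not count
        /^\[.*\]$/   { group = $0; next }
        group == "[General]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key != "ClassicBondedOnly") next
            if (val == "true" || val == "1") state = "enforced"
            else if (val == "false" || val == "0") state = "disabled"
        }
        END { print state }
    ' "$1"
}

# Returns 0 (enforced), 1 (explicitly disabled) or 2 (unset, default applies).
audit_input_conf() {
    case $(classic_bonded_only_state "$1") in
        enforced)
            echo "OK: $1 requires bonding for classic HID connections"
            return 0 ;;
        disabled)
            echo "RISK: $1 sets ClassicBondedOnly=false (non-bonded HID accepted)"
            return 1 ;;
        *)
            echo "CHECK: $1 does not set ClassicBondedOnly; the installed" \
                 "bluez build's default applies, so verify the package is patched"
            return 2 ;;
    esac
}

# Run only when a path is given, e.g.: sh audit.sh /etc/bluetooth/input.conf
if [ "$#" -gt 0 ]; then
    audit_input_conf "$1"
fi
```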

Comment 1 TEJ RATHI 2023-12-07 05:02:27 UTC
Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 2253392]

