CVE-2021-3658
MEDIUM 6.5
Description
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the Bluetooth stack to physically nearby attackers.
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: ADJACENT_NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/2/2022
Last Modified: 4/15/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
bluez:bluez
fedoraproject:fedora
Weaknesses (CWE)
CWE-863
References
https://bugzilla.redhat.com/show_bug.cgi?id=1984728 (secalert@redhat.com)
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 (secalert@redhat.com)
https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 (secalert@redhat.com)
https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220407-0002/ (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1984728 (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220407-0002/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.