CVE-2021-3658
https://notcve.org/view.php?id=CVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. bluetoothd de bluez guarda incorrectamente el estado Discoverable de los adaptadores cuando es apagado un dispositivo, y lo restaura cuando es encendido. Si un dispositivo es apagado mientras es detectado, será detectado cuando es encendido de nuevo. Esto podría conllevar a una exposición inadvertida de la pila bluetooth a atacantes físicamente cercanos • https://bugzilla.redhat.com/show_bug.cgi?id=1984728 https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 https://security.netapp.com/advisory/ntap-20220407-0002 • CWE-863: Incorrect Authorization •
CVE-2021-41229 – Memory leak in BlueZ
https://notcve.org/view.php?id=CVE-2021-41229
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. BlueZ es una pila de protocolos Bluetooth para Linux. • https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20211203-0004 https://access.redhat.com/security/cve/CVE-2021-41229 https://bugzilla.redhat.com/show_bug.cgi?id=2025034 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •