CVE-2021-3658

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3658
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3658.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3658
Downstream
Related
Published
2022-03-02T23:15:08.787Z
Modified
2025-11-14T12:06:49.842439Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.

References

Affected packages

Git / github.com/bluez/bluez

Affected ranges

Type
GIT
Repo
https://github.com/bluez/bluez
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b497b5942a8beb8f89ca1c359c54ad67ec843055

Affected versions

4.*

4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.3
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.4
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99

5.*

5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.43
5.44
5.45
5.46
5.47
5.48
5.49
5.5
5.50
5.51
5.52
5.53
5.54
5.55
5.56
5.57
5.58
5.59
5.6
5.60
5.7
5.8
5.9

libs-2.*

libs-2.0
libs-2.0-pre10
libs-2.0-pre7
libs-2.0-pre8
libs-2.0-pre9
libs-2.1
libs-2.10
libs-2.11
libs-2.12
libs-2.13
libs-2.14
libs-2.15
libs-2.16
libs-2.17
libs-2.18
libs-2.19
libs-2.2
libs-2.20
libs-2.21
libs-2.22
libs-2.23
libs-2.24
libs-2.25
libs-2.3
libs-2.4
libs-2.5
libs-2.6
libs-2.7
libs-2.8
libs-2.9

libs-3.*

libs-3.0
libs-3.1
libs-3.10
libs-3.11
libs-3.12
libs-3.13
libs-3.14
libs-3.15
libs-3.16
libs-3.17
libs-3.18
libs-3.19
libs-3.2
libs-3.20
libs-3.21
libs-3.22
libs-3.23
libs-3.24
libs-3.25
libs-3.26
libs-3.27
libs-3.28
libs-3.29
libs-3.3
libs-3.30
libs-3.31
libs-3.32
libs-3.33
libs-3.34
libs-3.35
libs-3.36
libs-3.4
libs-3.5
libs-3.6
libs-3.7
libs-3.8
libs-3.9

utils-2.*

utils-2.0
utils-2.0-pre10
utils-2.0-pre11
utils-2.0-pre12
utils-2.0-pre7
utils-2.0-pre8
utils-2.0-pre9
utils-2.1
utils-2.10
utils-2.11
utils-2.12
utils-2.13
utils-2.14
utils-2.15
utils-2.16
utils-2.17
utils-2.18
utils-2.19
utils-2.2
utils-2.20
utils-2.21
utils-2.22
utils-2.23
utils-2.24
utils-2.25
utils-2.3
utils-2.4
utils-2.5
utils-2.6
utils-2.7
utils-2.8
utils-2.9

utils-3.*

utils-3.0
utils-3.1
utils-3.10
utils-3.10.1
utils-3.11
utils-3.12
utils-3.13
utils-3.14
utils-3.15
utils-3.16
utils-3.17
utils-3.18
utils-3.19
utils-3.2
utils-3.20
utils-3.21
utils-3.22
utils-3.23
utils-3.24
utils-3.25
utils-3.26
utils-3.27
utils-3.28
utils-3.29
utils-3.3
utils-3.30
utils-3.31
utils-3.32
utils-3.33
utils-3.34
utils-3.35
utils-3.36
utils-3.4
utils-3.5
utils-3.6
utils-3.6.1
utils-3.7
utils-3.8
utils-3.9

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1061.0,
            "function_hash": "172027338237442028981457552073053210895"
        },
        "target": {
            "file": "src/adapter.c",
            "function": "settings_changed"
        },
        "source": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
        "id": "CVE-2021-3658-0c766298",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 658.0,
            "function_hash": "199595814707437147550770859530159079118"
        },
        "target": {
            "file": "src/adapter.c",
            "function": "discovery_stop"
        },
        "source": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
        "id": "CVE-2021-3658-1b478c07",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 884.0,
            "function_hash": "57237209113128885327700725533408695124"
        },
        "target": {
            "file": "src/adapter.c",
            "function": "adapter_stop"
        },
        "source": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
        "id": "CVE-2021-3658-255cac33",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 798.0,
            "function_hash": "215979409219665248096667193507816966873"
        },
        "target": {
            "file": "src/adapter.c",
            "function": "update_discovery_filter"
        },
        "source": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
        "id": "CVE-2021-3658-297e66dd",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "104963158307056949970478967016227532226",
                "8317727962398119407694419342329404763",
                "175054941858700326123829779280039261289",
                "251423948320023549285677037730184888090",
                "12383206230189842888959702628075866467",
                "20390998104180392456583877290186598934",
                "293449557786167649077905277248810166294",
                "279746179832303866084162767381354546838",
                "6132234258970871568308376810271159734",
                "125370935030374927247098034432961599817",
                "93995179838233683689132522363768980786",
                "143542901489466510333381450696622781082",
                "321803935910930282280658943519637646925",
                "182699486257270206849675125404156334454",
                "74093005512484253079730087572995644321",
                "29381542872701219824715949462673746146",
                "12382800406218439269835812647535154854",
                "120146882866845834554881232910048718501",
                "318224308502749218959302652079401459729",
                "170924521707944439506502293211221553803",
                "106877442399903015343127233090525467813",
                "73553654635103188591430240571473489102",
                "191387600899533796202078086118715612356",
                "286395407552482058087899055423815776317",
                "298862074986819470553649304418046728791",
                "96002444711225654149319199652217768750",
                "327020276478737271472315511011154976805"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/adapter.c"
        },
        "source": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
        "id": "CVE-2021-3658-7a00089e",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]