medium
4.5
CWE
863
Advisory Published
CVE Published
CVE Published
Updated

CVE-2018-10910

First published: Fri Jul 20 2018(Updated: )

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
BlueZ BlueZ<5.51
Canonical Ubuntu Linux=18.04
ubuntu/bluez<5.51
5.51
ubuntu/gnome-bluetooth<3.28.0-2ubuntu0.1
3.28.0-2ubuntu0.1
ubuntu/gnome-bluetooth<3.28.1
3.28.1
debian/bluez
5.55-3.1+deb11u1
5.66-1+deb12u2
5.66-1+deb12u1
5.73-1.1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=2796d545e82659541333050557d5dbb89a295ae7

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=ee863d9d5dd45b183ba6b0b45455498cd88b8663

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6324acf2012ec444f67c73a42d3991064a69eec6

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=45969a7a7335eaa47c52b76b9e32c28d680dc031

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bbf1cd0102a4de658ca596dddb48713124f1fd41

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=170ff3b81fdd9902c0b41bfd37ea0090cdb22830

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9a57d90628224fa6525e4eebf1e97f713918bb3b

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=4f162b557a963cc21f7f1933e9abf3876f283b38

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2018-10910?

    CVE-2018-10910 is a vulnerability in Bluez that allows for the Bluetooth Discoverable state to be set to on when no Bluetooth agent is registered with the system, potentially leading to unauthorized pairing of Bluetooth devices.

  • Which versions of Bluez are vulnerable to CVE-2018-10910?

    Versions before Bluez 5.51 are vulnerable to CVE-2018-10910.

  • What is the severity of CVE-2018-10910?

    The severity of CVE-2018-10910 is medium with a severity value of 3.3.

  • How can I fix CVE-2018-10910?

    To fix CVE-2018-10910, update Bluez to version 5.51 or higher.

  • Where can I find more information about CVE-2018-10910?

    You can find more information about CVE-2018-10910 on the Red Hat Bugzilla and Ubuntu security advisories.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203