Fix the security vulnerability issue
A variant of this attack works when bluetoothctl shows that bluetooth is
discoverable, pariable, and discovering (only a subset may be necessary). On
Ubuntu 22.04 Desktop this becomes true when the GNOME panel for
bluetooth settings is opened.
BlueZ's setting ClassicBondedOnly=true prevents this attack.
This parameter is not enabled in CVE-2020-0556 patches and all distros
I checked have not opted into this setting. Most members of the distros list
are likely affected.
Change-Id: Ib4883d1766d314bcd415308a9e4805e196462f3a
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
projects / platform / upstream / bluez.git / commit