{"id":"CVE-2021-3658","details":"bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.","modified":"2026-04-16T00:07:30.351504513Z","published":"2022-03-02T23:15:08.787Z","related":["SUSE-SU-2022:3687-1","SUSE-SU-2022:3691-1","SUSE-SU-2022:3981-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"34"}]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220407-0002/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984728"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055"},{"type":"FIX","url":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bluez/bluez","events":[{"introduced":"0"},{"fixed":"d61f9dc54c04f4fc5791398a0dbae59d671846bf"},{"fixed":"b497b5942a8beb8f89ca1c359c54ad67ec843055"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"5.61"}]}}],"versions":["4.0","4.1","4.10","4.100","4.101","4.11","4.12","4.13","4.14","4.15","4.16","4.17","4.18","4.19","4.2","4.20","4.21","4.22","4.23","4.24","4.25","4.26","4.27","4.28","4.29","4.30","4.31","4.32","4.33","4.34","4.35","4.36","4.37","4.38","4.39","4.40","4.41","4.42","4.43","4.44","4.45","4.46","4.47","4.48","4.49","4.5","4.50","4.51","4.52","4.53","4.54","4.55","4.56","4.57","4.58","4.59","4.6","4.60","4.61","4.62","4.63","4.64","4.65","4.66","4.67","4.68","4.69","4.7","4.70","4.71","4.72","4.73","4.74","4.75","4.76","4.77","4.78","4.79","4.8","4.80","4.81","4.82","4.83","4.84","4.85","4.86","4.87","4.88","4.89","4.9","4.90","4.91","4.92","4.93","4.94","4.95","4.96","4.97","4.98","4.99","5.0","5.1","5.10","5.11","5.12","5.13","5.14","5.15","5.16","5.17","5.18","5.19","5.2","5.20","5.21","5.22","5.23","5.24","5.25","5.26","5.27","5.28","5.29","5.3","5.30","5.31","5.32","5.33","5.34","5.35","5.36","5.37","5.38","5.39","5.4","5.40","5.41","5.42","5.43","5.44","5.45","5.46","5.47","5.48","5.49","5.5","5.50","5.51","5.52","5.53","5.54","5.55","5.56","5.57","5.58","5.59","5.6","5.60","5.7","5.8","5.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3658.json","vanir_signatures":[{"digest":{"function_hash":"172027338237442028981457552073053210895","length":1061},"source":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055","id":"CVE-2021-3658-0c766298","deprecated":false,"target":{"function":"settings_changed","file":"src/adapter.c"},"signature_version":"v1","signature_type":"Function"},{"digest":{"function_hash":"199595814707437147550770859530159079118","length":658},"id":"CVE-2021-3658-1b478c07","source":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055","deprecated":false,"target":{"file":"src/adapter.c","function":"discovery_stop"},"signature_version":"v1","signature_type":"Function"},{"digest":{"function_hash":"57237209113128885327700725533408695124","length":884},"id":"CVE-2021-3658-255cac33","source":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055","signature_version":"v1","target":{"function":"adapter_stop","file":"src/adapter.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"function_hash":"215979409219665248096667193507816966873","length":798},"source":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055","id":"CVE-2021-3658-297e66dd","signature_version":"v1","target":{"function":"update_discovery_filter","file":"src/adapter.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["104963158307056949970478967016227532226","8317727962398119407694419342329404763","175054941858700326123829779280039261289","251423948320023549285677037730184888090","12383206230189842888959702628075866467","20390998104180392456583877290186598934","293449557786167649077905277248810166294","279746179832303866084162767381354546838","6132234258970871568308376810271159734","125370935030374927247098034432961599817","93995179838233683689132522363768980786","143542901489466510333381450696622781082","321803935910930282280658943519637646925","182699486257270206849675125404156334454","74093005512484253079730087572995644321","29381542872701219824715949462673746146","12382800406218439269835812647535154854","120146882866845834554881232910048718501","318224308502749218959302652079401459729","170924521707944439506502293211221553803","106877442399903015343127233090525467813","73553654635103188591430240571473489102","191387600899533796202078086118715612356","286395407552482058087899055423815776317","298862074986819470553649304418046728791","96002444711225654149319199652217768750","327020276478737271472315511011154976805"]},"source":"https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055","id":"CVE-2021-3658-7a00089e","signature_version":"v1","target":{"file":"src/adapter.c"},"deprecated":false,"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-12T00:39:56Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}