In a free Bluetooth stack , which is used in Linux and Chrome OS distributions, vulnerability (), potentially allowing an attacker to gain access to the system. Vulnerability due to incorrect access checking in the implementation of Bluetooth HID and HOGP profiles without going through the process of binding a device to a host, achieve a denial of service or privilege escalation when connecting a malicious Bluetooth device. A malicious Bluetooth device, without going through the pairing procedure, can impersonate another (keyboard, mouse, game controllers, etc.) or organize hidden substitution of data in the input subsystem.
On At Intel, the problem appears in Bluez releases up to and including 5.52. It is not clear if the issue affects release 5.53, which publicly, but since February available via and . Fix patches (, ) the vulnerabilities were proposed on March 10, and the release was formed on February 15th. In distribution kits, updates have not yet been formed (, , , , , ).
Source: opennet.ru