Bug 1212028 (CVE-2022-24695)

Summary: VUL-0: CVE-2022-24695: kernel-source-azure,kernel-source-rt,bluez,kernel-source: Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode.
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED WONTFIX
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: jack, mhocko, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/368229/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-24695:4.3:(AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2023-06-05 13:49:16 UTC
CVE-2022-24695

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly
conceal device information for Bluetooth transceivers in Non-Discoverable mode.
By conducting an efficient over-the-air attack, an attacker can fully extract
the permanent, unique Bluetooth MAC identifier, along with device capabilities
and identifiers, some of which may contain identifying information about the
device owner. This additionally allows the attacker to establish a connection to
the target device.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24695
https://www.cve.org/CVERecord?id=CVE-2022-24695
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
https://sp2023.ieee-security.org/program-papers.html
https://www.bluetooth.com/specifications/specs/core-specification/

Comment 1 Thomas Leroy 2023-06-05 13:50:00 UTC
Leaving open, but no affected software specified atm

Comment 3 Joey Lee 2023-08-02 06:57:22 UTC
I have googled again but still didn't find any Linux BlueZ or kernel stuff related to CVE-2022-24695.

I think that the IEEE paper has more detail, maybe it has some suggestions:

Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

But we need to buy it.

Comment 8 Jan Kara 2024-01-30 14:02:42 UTC
OK, based on comment 7 this is WONTFIX from our side. Reassigning back to security team.

Comment 9 Thomas Leroy 2024-01-30 14:08:36 UTC
No affected software, and no software mitigation found in bluez. Closing as wontfix