PT-2023-3480 · Unknown · Bluetooth Core Specification

Published 2023-06-02 · Updated 2025-01-10 · CVE-2022-24695

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bluetooth Core Specification versions through 5.3

Description

The issue is related to Bluetooth Classic in the Bluetooth Core Specification, where device information for Bluetooth transceivers in Non-Discoverable mode is not properly concealed. An attacker can conduct an efficient over-the-air attack to extract the permanent, unique Bluetooth MAC identifier, device capabilities, and identifiers, potentially containing information about the device owner. This also allows the attacker to establish a connection to the target device.

Recommendations

For Bluetooth Core Specification versions through 5.3, consider disabling the Non-Discoverable mode for Bluetooth transceivers until a patch is available to properly conceal device information. Restrict access to device capabilities and identifiers to minimize the risk of exploitation. Avoid using the Bluetooth MAC identifier in affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2023-03670
CVE-2022-24695

Affected Products

Bluetooth Core Specification