Hello all o/

This is intentional. And easy to reverse.

The patch for CVE-2023-45866 works as intended and is not a regression.
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

If ClassicBondedOnly is not enforced, a nearby attacker can create a HID
(like a keyboard and mouse) on the victim's PC when Bluetooth is
discoverable. An HID can be used as a keylogger or, of course, give
direct control of the session. The CVE reporter has discussed this
further on https://github.com/skysafe/reblog/tree/main/cve-2023-45866
And a talk and PoC release is forthcoming.


Fortunately, it is easy to enable legacy devices by setting
`ClassicBondedOnly=false` in `/etc/bluetooth/input.conf`, and then running
`systemctl restart bluetooth`. I verified that a PS3 controller works well
after this :)


All other distros *should* be fixing this CVE. I would love it if bloggers in 
the Linux gaming sphere could raise awareness about this CVE and share how to 
enable legacy bluetooth device support.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45866

** Changed in: bluez (Ubuntu)
       Status: Confirmed => Won't Fix

** Changed in: bluez (Ubuntu)
     Assignee: Nishit Majithia (0xnishit) => Mark Esler (eslerm)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/2045931

Title:
  ps3 sixasis controller request pin to connect to bt

Status in bluez package in Ubuntu:
  Won't Fix

Bug description:
  Once my Ubuntu updated bluez package to 5.64-0ubuntu1.1 I was not able
  to connect my PS3 Sixasis controller via bluetooth. It is asking to
  enter a PIN in the device (not possible to enter a pin in the
  gamepad).

  Source package (from "apt list -a bluez"):

  bluez/jammy-updates,jammy-security 5.64-0ubuntu1.1 amd64

  Once downgraded to 5.64-0ubuntu1 version, gamepad connects OK again
  without asking for a connection PIN.

  Ubuntu release:
  Description:  Ubuntu 22.04.3 LTS
  Release:      22.04

  Package version:
  bluez:
    Installed: 5.64-0ubuntu1.1

  Expected to happen:
  Connect PS3 Controller by Bluetooth without asking for a PIN code

  Happened instead:
  PS3 Controller cannot connect because PIN code is requested

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/2045931/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
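
An added example, not part of the original message or of BlueZ: a shell check that reports whether a host's `/etc/bluetooth/input.conf` has relaxed `ClassicBondedOnly` as described in the message above, which is useful when auditing which machines have opted out of the CVE-2023-45866 mitigation. It assumes the key sits in the `[General]` section and that an absent or commented-out key leaves the patched default in force; the function name `classic_bonded_state` is hypothetical.

```shell
#!/bin/sh
# Added example: report the ClassicBondedOnly state of a BlueZ input.conf.
# Assumptions: the key lives in the [General] section, and when the key is
# absent or commented out the patched default (bonding enforced) applies.

# Prints one of: enforced | relaxed | unset | invalid
classic_bonded_state() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }                      # comment line, ignore
        /^[ \t]*\[/ {                            # section header
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        section == "General" && /^[ \t]*ClassicBondedOnly[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)      # drop "key =" prefix
            sub(/[ \t\r]*$/, "", value)          # drop trailing whitespace
            last = value                         # key-file style: last assignment wins
            seen = 1
        }
        END {
            if (!seen)                                print "unset"
            else if (last == "true"  || last == "1")  print "enforced"
            else if (last == "false" || last == "0")  print "relaxed"
            else                                      print "invalid"
        }
    ' "$1"
}

# Constructed sample: a host where legacy device support was switched on.
sample=$(mktemp)
printf '%s\n' '[General]' '#ClassicBondedOnly=true' 'ClassicBondedOnly=false' > "$sample"
echo "sample config: $(classic_bonded_state "$sample")"
echo "this host:     $(classic_bonded_state /etc/bluetooth/input.conf)"
rm -f "$sample"
```

A result of `relaxed` means the host accepts classic HID connections from unbonded devices and should be limited to machines that genuinely need legacy controllers.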