CVE-2024-8805
📋 TL;DR
This vulnerability in BlueZ's HID over GATT Profile allows network-adjacent attackers to execute arbitrary code without authentication by exploiting improper access control. It affects Linux systems using BlueZ Bluetooth stack with HOGP functionality enabled. Successful exploitation gives attackers code execution in the context of the current user.
💻 Affected Systems
- BlueZ Bluetooth stack
📦 What is this software?
Bluez by Bluez
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution leading to data theft, persistence, lateral movement, and complete control of affected device.
Likely Case
Local privilege escalation, data exfiltration, and installation of backdoors or malware on vulnerable Bluetooth-enabled devices.
If Mitigated
Limited to denial of service or information disclosure if proper network segmentation and Bluetooth restrictions are in place.
🎯 Exploit Status
No authentication required, network-adjacent access needed. Exploit requires Bluetooth proximity and HOGP functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check distribution-specific updates (e.g., Debian security updates, BlueZ 5.69+ with fixes)
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Restart Required: Yes
Instructions:
1. Update BlueZ package via distribution package manager.
2. Restart Bluetooth service or reboot system.
3. Verify version is patched.
🔧 Temporary Workarounds
Disable Bluetooth HOGP
Stop and block the whole Bluetooth stack, which removes the HID over GATT Profile service along with it and so prevents exploitation
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth
Restrict Bluetooth Access
Configure Bluetooth to require pairing/authentication before HOGP access
Edit /etc/bluetooth/main.conf to set stricter security policies
🧯 If You Can't Patch
- Disable Bluetooth entirely on critical systems
- Implement network segmentation to isolate Bluetooth devices from sensitive networks
🔍 How to Verify
Check if Vulnerable:
Check BlueZ version: bluetoothctl --version or dpkg -l | grep bluez
Check Version:
bluetoothctl --version || dpkg -l | grep bluez || rpm -qa | grep bluez
Verify Fix Applied:
Verify updated BlueZ version and test Bluetooth HOGP functionality
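The version check above, as an added shell example that is not part of this advisory: it reports the installed BlueZ package version, compares it with the fixed version from your distribution's advisory (passed as an argument, since this page names no exact number) and notes whether bluetoothd is running. It assumes dpkg or rpm for the package version and systemctl for the service state.

```shell
#!/bin/sh
# Added example (not from the advisory): compare the installed BlueZ version with the
# fixed version your distro published for CVE-2024-8805 ($1; the page names none).

# Installed BlueZ version from whichever tool exists; empty if none is found.
bluez_installed_version() {
    v=$(dpkg-query -W -f='${Version}' bluez 2>/dev/null) || v=""
    if [ -z "$v" ]; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' bluez 2>/dev/null) || v=""
    fi
    if [ -z "$v" ]; then   # last resort: bluetoothctl prints "bluetoothctl: 5.66"
        v=$(bluetoothctl --version 2>/dev/null | awk '{ print $NF }') || v=""
    fi
    printf '%s\n' "$v"
}
# Exit 0 when version $1 is at least $2.  Uses dpkg's comparator when present,
# since Debian fixes often live only in the revision (e.g. -1+deb12u3); otherwise
# compares the dotted numeric prefix field by field (epoch and revision dropped).
version_at_least() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
        return
    fi
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/^[0-9]+:/, "", a); sub(/[^0-9.].*$/, "", a)
        sub(/^[0-9]+:/, "", b); sub(/[^0-9.].*$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0; q = (i <= nb) ? y[i] + 0 : 0
            if (p != q) exit (p < q)
        }
        exit 0
    }'
}
# One-line verdict; returns 1 when the installed version is older than the fix.
# Also reports whether bluetoothd is active, i.e. whether HOGP is reachable at all.
check_bluez() {
    installed=$(bluez_installed_version)
    if [ -z "$installed" ]; then
        echo "BlueZ package not installed: nothing to patch"; return 0
    fi
    running=$(systemctl is-active bluetooth 2>/dev/null) || running=${running:-unknown}
    if version_at_least "$installed" "$1"; then
        echo "BlueZ $installed >= $1: patched (bluetooth service: $running)"; return 0
    fi
    echo "BlueZ $installed < $1: VULNERABLE, update now (bluetooth service: $running)"; return 1
}

if [ -n "${1:-}" ]; then check_bluez "$1"; fi
```

Run as `sh check_bluez.sh <fixed-package-version>`; on Debian-based systems the comparison uses dpkg's own ordering, so a backported fix carried only in the package revision is still recognised.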
📡 Detection & Monitoring
Log Indicators:
- Unusual Bluetooth connection attempts
- HOGP service access without pairing
- Bluetooth service crashes
Network Indicators:
- Unexpected Bluetooth Low Energy traffic
- HOGP protocol anomalies
SIEM Query:
source="bluetooth" AND (event="connection" OR event="hogp") AND user="unauthenticated"