Mark EslerDec 13, 2023

hi @gamingonlinux o/

A recent bluetooth vulnerability (CVE-2023-45866) in BlueZ requires disabling devices that do not support classic bonded mode, like the PS3 controller.

This will be default in the next release of BlueZ and distros are already beginning to apply this security patch.

I commented on the impact of the vulnerability and how to re-enable legacy device support on https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/2045931

Could you please help raise awareness about legacy controller support on Linux? 🙏

Bug #2045931 “ps3 sixasis controller request pin to connect to b...” : Bugs : bluez package : Ubuntu

[ Workaround ] 1. Set ClassicBondedOnly=false in /etc/bluetooth/input.conf 2. Run: systemctl restart bluetooth # or reboot [ Original Description ] Once my Ubuntu updated bluez package to 5.64-0ubuntu1.1 I was not able to connect my PS3 Sixasis controller via bluetooth. It is aking to enter a PIN in the device (not possible to enter a pin in the gamepad). Source pacakge (from "apt list -a bluez"): bluez/jammy-updates,jammy-security 5.64-0ubuntu1.1 amd64 Once downgraded to 5.64-0ubuntu1 ...

Launchpad
Show threadMark EslerFeb 22, 2024

@gamingonlinux I added notes about this vulnerability to https://markesler.com/notes/bluetooth-attacks/#classicbondedonly

with links to the researchers blog, PoCs, and shoocon talk

Bluetooth Attacks | Mark Esler ⌨️ 🤠

Show threadMark Esler

@gamingonlinux many folks are quite confused about this :(

https://github.com/bluez/bluez/issues/673

After updating to version 5.64-0ubuntu1.1 my gamepad stopped working. · Issue #673 · bluez/bluez

The earbuds are fine but my gamepad stopped working.

GitHub
May 7, 2024 at 12:09amWeb