CVE-2024-53144 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically related to the handling of the BR/EDR (Basic Rate/Enhanced Data Rate) JUST_WORKS pairing method. The vulnerability arises from a misalignment between the BR/EDR JUST_WORKS pairing process and the Low Energy (LE) Bluetooth pairing process. Since commit 92516cd97fd4, the Linux kernel has enforced a policy to always request user confirmation during JUST_WORKS pairing by setting a confirm_hint flag. This change was intended to ensure that Bluetooth daemons like bluetoothd, which manage pairing policies (e.g., main.conf:JustWorksRepairing), consistently require user interaction to confirm pairing, thereby mitigating unauthorized connections. The vulnerability implies that prior to this fix, the BR/EDR JUST_WORKS pairing method did not consistently enforce user confirmation, potentially allowing an attacker within Bluetooth range to pair with a device without explicit user consent. This could lead to unauthorized access or data interception over Bluetooth connections. The affected versions include multiple Linux kernel commits identified by their hashes, indicating that the issue spans several recent kernel versions before the patch was applied. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and specific to the Bluetooth protocol implementation in Linux kernels, affecting devices that rely on Linux for Bluetooth connectivity and use the JUST_WORKS pairing method without additional security layers.

For European organizations, this vulnerability poses a risk primarily to devices and systems that use Linux-based operating systems with Bluetooth capabilities, such as laptops, embedded systems, IoT devices, and industrial control systems. Unauthorized Bluetooth pairing could allow attackers to gain access to sensitive data transmitted over Bluetooth, inject malicious commands, or establish persistent unauthorized connections. This is particularly concerning for sectors with high Bluetooth usage, including manufacturing, healthcare, and transportation, where compromised devices could lead to operational disruptions or data breaches. The impact on confidentiality is significant due to potential data interception, while integrity and availability could be affected if attackers manipulate device behavior or disrupt Bluetooth services. Given the widespread use of Linux in enterprise and industrial environments across Europe, the vulnerability could have broad implications if exploited. However, exploitation requires proximity to the target device (Bluetooth range) and the ability to initiate pairing, which somewhat limits the attack surface. The lack of known exploits suggests the threat is currently theoretical but warrants prompt mitigation to prevent future attacks.

European organizations should prioritize updating their Linux kernel versions to include the patch that aligns BR/EDR JUST_WORKS pairing with LE pairing, ensuring user confirmation is always requested. System administrators should audit Bluetooth policies configured in bluetoothd (e.g., main.conf) to enforce strict pairing confirmation requirements and disable or restrict JUST_WORKS pairing where possible. For critical systems, consider disabling Bluetooth if not essential or using alternative secure communication methods. Network segmentation and physical security controls should be enhanced to limit attacker proximity to Bluetooth-enabled devices. Additionally, organizations should monitor Bluetooth connection logs for unusual pairing attempts and educate users about the risks of accepting unexpected Bluetooth pairing requests. For embedded and IoT devices running custom Linux kernels, vendors should be engaged to provide timely firmware updates incorporating the fix. Finally, integrating Bluetooth security assessments into regular vulnerability management processes will help detect and remediate similar issues proactively.