CVE-2023-45866 On grapheneOS

antsyboy

Does CVE-2023-45866 affect GrapheneOS as well, or did part of the hardening and attack surface reduction prevent it in the first place? If GrapheneOS is affected, what measures can be taken on the user's end to prevent against exploitation of this, is there anything better than just turning off bluetooth?

matchboxbananasynergy

https://github.com/GrapheneOS/os-issue-tracker/issues/2734 is what I believe you're referring to.

antsyboy

matchboxbananasynergy https://github.com/GrapheneOS/os-issue-tracker/issues/2734 is what I believe you're referring to.

That seems to be referring to another CVE in the Bluetooth stack, but it references a different CVE than the one I'm mentioning. This is the one that's mentioned in the article, and this is the one I'm referring to. I haven't seen this CVE addressed on the GrapheneOS forums or anything. This CVE has only been public for about a week, and I haven't seen much coverage on it.