Updated 23 January 2024 (corrected OS 11 update)

Updated 16 January 2024 (added fixed versions)

First published 19 December 2023

CVSS 3.1: 8.8 (High)



A security vulnerability has been discovered in the Bluetooth stack used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11


It has been found that BlueZ does not properly restrict non-bonded devices from injecting Human Interface Device (HID) events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and mouse events – and execute arbitrary commands when the device is discoverable.


  1. Use wired USB devices for keyboard and mouse.
  2. Disable Bluetooth in Setup Devices > Bluetooth.

Update Instructions

  • OS 12: Update to OS 12 base system app version 12.3.1 (planned to be released on 6 Feb 2024).
  • OS 11: IGEL is preparing an OS 11 release with fixed Bluetooth.