Intel and Google are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack. The flaw, which Google calls BleedingTooth, can be exploited in a zero-click attack via specially crafted input. The vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. Intel also issued a fix for two other flaws that affect BlueZ that stem from improper access control. Google has published proof-of-concept exploit code for the flaw on GitHub.
Source: https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/