Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. The vulnerabilities are tracked as CVE 2020-12351, CVE-2020-12352, and CVE- 2020-24490. The most severe of the vulnerabilities is a heap-based type confusion flaw that has been rated as high severity and received a CVSS score of 8.3 out of 10. A remote attacker within the Bluetooth range of the victim can exploit the flaw by knowing the bd address of the target device.”]
Source: https://securityaffairs.co/wordpress/109500/hacking/bluetooth-bleedingtooth-vulnerabilities.html