The flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standard. The flaw can lead to several potential attacks, grouped as ‘BLUR attacks,’ including man-in-the-middle attack. Bluetooth SIG has started coordinates with affected device manufacturers to help them release necessary patches rapidly. The Bluetooth SIG recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds.
Source: https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html