Google and Intel are urging users to update the Linux kernel to version 5.9 or later. The two companies are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth protocols and layers on Linux-based internet of things (IoT) devices.
According to Google, the vulnerability affects all Linux kernel versions prior to 5.9 that support BlueZ. BlueZ is an open-source project distributed under the GNU General Public License (GPL), and its kernel code has been part of the official Linux kernel since version 2.4.6.
Google calls the flaw “BleedingTooth.” It can be exploited in a “zero-click” attack through specially crafted input by any local, unauthenticated attacker, potentially allowing escalation of privileges on affected devices.