CVE-2026-46138
Linux · kernel
A Bluetooth stack vulnerability in the Linux kernel allows for out-of-bounds reads and infinite loops during specific event processing.
Executive summary
An out-of-bounds read vulnerability in the Linux kernel Bluetooth subsystem could lead to system crashes or sensitive information exposure.
Vulnerability
The flaw resides in hci_le_create_big_complete_evt(), where incorrect iteration logic over bis_handle results in out-of-bounds memory access and a potential infinite loop when processing Bluetooth LE events.
Business impact
With a CVSS score of 8.1 (High), this vulnerability poses a risk to any system utilizing Bluetooth functionality. Successful exploitation can lead to a denial-of-service (system hang) or potentially expose sensitive memory contents, which is particularly concerning in mobile or IoT deployments.
Remediation
Immediate Action: Apply the latest kernel security patches from your distribution vendor to resolve the Bluetooth event processing logic.
Compensating Controls: Disable Bluetooth on servers or critical systems where it is not required to eliminate the attack surface entirely.
Proactive Monitoring: Monitor system performance for high CPU usage or logs indicating Bluetooth driver issues.
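One way to check whether a host still exposes the Bluetooth stack after the disable step above, written as an added example that is not part of the original advisory. The function names and the four state labels are hypothetical, and the script assumes an `install bluetooth /bin/false` (or `/bin/true`) line in modprobe.d is how loading was blocked.

```shell
#!/bin/sh
# Added example: classify a host's Bluetooth exposure.
# Every path is a parameter so the check also runs against a captured
# copy of /proc and /sys; function names and labels are hypothetical.

# 0 if the core "bluetooth" module is listed in the modules file.
bt_module_loaded() {
    grep -q '^bluetooth ' "${1:-/proc/modules}" 2>/dev/null
}

# Print the name of each registered controller (hci0, hci1, ...).
bt_controllers() {
    dir="${1:-/sys/class/bluetooth}"
    for c in "$dir"/hci*; do
        [ -e "$c" ] && basename "$c"
    done
    return 0
}

# 0 if modprobe config replaces loading of the module with a no-op.
# A plain "blacklist" line is not counted: it only stops alias-based
# autoloading, so a driver that depends on the module can still pull it in.
bt_load_blocked() {
    dir="${1:-/etc/modprobe.d}"
    grep -Eqs '^[[:space:]]*install[[:space:]]+bluetooth[[:space:]]+(/usr)?/bin/(false|true)' \
        "$dir"/*.conf
}

# Print one of: exposed | loaded | disabled | loadable
bt_exposure() {
    modules="${1:-/proc/modules}"
    sysdir="${2:-/sys/class/bluetooth}"
    confdir="${3:-/etc/modprobe.d}"
    if [ -n "$(bt_controllers "$sysdir")" ]; then
        echo "exposed"     # stack present and a controller is registered
    elif bt_module_loaded "$modules" || [ -d "$sysdir" ]; then
        echo "loaded"      # stack present, no controller attached right now
    elif bt_load_blocked "$confdir"; then
        echo "disabled"    # not loaded and loading is blocked
    else
        echo "loadable"    # not loaded, but nothing stops it from loading
    fi
}

bt_exposure   # audit the live host using the default paths
```

Hosts reporting `exposed`, `loaded` or `loadable` still need either the kernel patch or the module blocked; `disabled` only reflects modprobe configuration and does not cover a kernel with Bluetooth built in.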
Exploitation status
Public Exploit Available: false
Analyst recommendation
Bluetooth-related vulnerabilities are often overlooked in server environments. Ensure that your kernel is patched and consider disabling unused Bluetooth hardware to reduce the overall attack surface.