An input validation flaw was found in the Bluetooth Session Description Protocol packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon . The updated packages have been patched to correct this issue.