Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack. CVE-2020-26558 / CVE-2021-0129 It was discovered that Bluez does not properly check permissions during pairing operation, which could allow an attacker to impersonate the initiating device. CVE-2020-27153 Jay LV discovered a double free flaw in the disconnect_cb routine in the gattool. A remote attacker can take advantage of this flaw during service discovery for denial of service, or potentially, execution of arbitrary code.