Published: 1 April 2020
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.
CVSS 3 base score: 6.5
For Ubuntu this only appears to affect gatttool from bluez. Marking this as low priority since this tool is not running or enabled by default (and is deprecated in favour of bluetoothctl).
no upstream fix as of 2021-05-26