An out-of-bounds access and a possible memory corruption vulnerability leading to a system crash were found in the Bluetooth subsystem of the Linux kernel. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Previously this vulnerability was referenced as a flaw in the Android kernel with an ID of A-63527053.
An upstream fix:
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 1537198]
Per discussion with an Android security developer, this flaw is related to
the upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe
use of l2cap_pi()").