A use-after-free in gatt-database.c can occur when a client disconnects during D-Bus processing of a WriteValue call.
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 2020524]
Marking services "notaffected" as this issue is specific to Bluetooth.
Fixed in Fedora over a month ago with bluez-5.62-1.fc34 bluez-5.62-1.fc35
Bug is relevant to 5.61 none of our products (besides fedora) ship this version.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):