A flaw was found in the Linux kernel's implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl that triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when hci_uart_register_dev() fails.
To mitigate this issue, prevent module hci_uart from being loaded. Please see <https://access.redhat.com/solutions/41278> for how to blacklist a kernel module to prevent it from loading automatically.
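
One way to verify the mitigation on a host, as an added example that is not part of the original advisory: the function below reads a modprobe.d directory and reports whether hci_uart is actually prevented from loading. It assumes modprobe.d(5) semantics, where `blacklist` only stops alias-based autoloading and an `install` line replaces the load command; the function name and output strings are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). Function name and output strings are
# hypothetical. Reports how a modprobe.d directory treats a module and whether
# the module is already loaded.
# Usage: module_block_status <modprobe.d dir> [module] [proc modules file]
module_block_status() {
    dir=$1
    mod=${2:-hci_uart}
    proc=${3:-/proc/modules}
    # modprobe treats '-' and '_' in module names as equivalent
    want=$(printf '%s' "$mod" | tr - _)
    blacklisted=0
    install_off=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw name rest || [ -n "$kw" ]; do
            case $kw in ''|'#'*) continue ;; esac
            name=$(printf '%s' "$name" | tr - _)
            [ "$name" = "$want" ] || continue
            case $kw in
                blacklist) blacklisted=1 ;;
                install)
                    # Simplification: only a bare true/false command counts
                    case $rest in
                        /bin/true|/bin/false|/usr/bin/true|/usr/bin/false)
                            install_off=1 ;;
                    esac ;;
            esac
        done < "$f"
    done
    if [ "$install_off" -eq 1 ]; then
        status=install-disabled   # modprobe runs the no-op instead of loading
    elif [ "$blacklisted" -eq 1 ]; then
        status=autoload-only      # alias autoload blocked, modprobe still works
    else
        status=not-blocked
    fi
    # A config change does not unload a module that is already resident
    if grep -q "^$want " "$proc" 2>/dev/null; then
        loaded=yes
    else
        loaded=no
    fi
    printf '%s loaded=%s\n' "$status" "$loaded"
}

module_block_status /etc/modprobe.d hci_uart
```

A result of `autoload-only` or `loaded=yes` means the driver can still be reached: the first needs an `install` override as well, the second needs the module unloaded or the host rebooted.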