linux is vulnerable to Use-After-Free. net/bluetooth/l2cap_core.c
’s l2cap_connect
and l2cap_le_connect_req
functions may allow code execution and leak kernel memory remotely via Bluetooth, which allows a remote attacker to exploit the vulnerability via Bluetooth if they are within the proximity of the victim.