CVE-2021-0124

CVE-2021-0124 is a critical vulnerability that affects the Linux kernel's Bluetooth implementation. The flaw allows an attacker within Bluetooth range to execute arbitrary code or cause a denial of service (DoS) attack on the affected system. The vulnerability has been rated with a CVSS score of 8.3 out of 10, which indicates high severity. The vulnerability was discovered in January 2021 and was publicly disclosed on February 9th, 2021. The vulnerability affects versions of the Linux kernel from 3.16 to 5.10 and has been patched since its discovery. The patch was initially made available through downstream distributions like Debian, Ubuntu, and Fedora before being incorporated into the mainline Linux kernel. Exploitation of this vulnerability could allow an attacker to gain full control over the target system, including sensitive information and system resources. Therefore, it is highly recommended that affected systems apply the patch as soon as possible to mitigate the risk of exploitation. Additionally, users are advised to disable Bluetooth when not in use to reduce the attack surface.