In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hcievent: Fix handling of HCIEVIOCAPA_REQUEST
If we received HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated.