The Bluetooth Impersonation Attacks (BIAS) Security vulnerability seems to be affecting most standards compliant bluetooth devices. Bluetooth SIG has a few recommendations on what to do here:
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
As far as I understand, the kernel is not vulnerable to the Key Negotiation-attack. But are any of the other recommendations that are listed implemented in bluez?
Thanks,
Per Waagø