A potential security risk with Bluetooth has been identified. This risk applies to Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") connections. The vulnerability makes it possible to force the encryption key size down to one byte, thereby making it feasible to use brute-force methods to decrypt a Bluetooth communication.
For more information on this industry wide security threat, refer to this Bluetooth Security Notice:
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/.
note:CERT/CC has issued CVE-2019-9506 and VU#918987 for this tampering vulnerability, which has a CVSS score of 7.8.