In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. CREATE(Triage):(User=admin) CVE-2021-33034 (https://nvd.nist.gov/vuln/detail/CVE-2021-33034)