From gbhackers.com

Security researchers from at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University discovered vulnerabilities related to Cross-Transport Key Derivation (CTKD) with Bluetooth BR/EDR and LE in Bluetooth Specifications 4.0 through 5.0.
Bluetooth BR/EDR and LE that using Cross-Transport Key Derivation (CTKD) are vulnerable to key overwrite which allows attackers to gain additional access to profiles by reducing the encryption strength.