While Purism-devices don’t provide bluetooth out of the box due to non-free firmware blobs necessary, the information might be of interest for one or another.
CVE-2020-12351 - high
CVE-2020-12352 - moderate
The sec-issues above allow attackers to connect to linux-devices with activated bluetooth including priviledge escalation.
For the general freedom- & security-conscious Purism-customers their microswitches once more show that they’re there for a reason. No bluetooth active, no attack-surface.
Switching the mobile’s bluetooth off when not necessary also once more proves to be a good idea.