the session (or pairing key) means you can both connect to the headphone or impersonate it.
It can toggle the hands-free mode and listen to whatever is being talked, you'd notice that it has switched to the mode though - but if you're headphones are powered on and you're not listening to in they can be used for eavesdropping.
During the talk they both demonstrate listening to the microphone and also receiving a WhatsApp 2FA call.
If you have a Bluetooth analyzer (e.g. Ellisys), then the link key and a directional antenna is all you need to passively eavesdrop on a conversation at a distance.
Of course, even regular omnidirectional Bluetooth antennas are plenty to eavesdrop through a hotel room door, from the hallway outside a conference room, etc.
An attacker can also passively record all the packets in an area (Ellisys allows recording all channels at the same time), and then actively gather link keys using this attack at any time to decrypt the stored conversations.
It can toggle the hands-free mode and listen to whatever is being talked, you'd notice that it has switched to the mode though - but if you're headphones are powered on and you're not listening to in they can be used for eavesdropping.
During the talk they both demonstrate listening to the microphone and also receiving a WhatsApp 2FA call.