5.5
CVE-2026-53252
- EPSS 0.14%
- Veröffentlicht 25.06.2026 08:39:43
- Zuletzt bearbeitet 08.07.2026 16:48:59
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
Bluetooth: fix memory leak in error path of hci_alloc_dev()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.10.259 < 5.11
Linux ≫ Linux Kernel Version >= 6.1.167 < 6.1.176
Linux ≫ Linux Kernel Version >= 6.6.97 < 6.6.143
Linux ≫ Linux Kernel Version >= 6.12.36 < 6.12.94
Linux ≫ Linux Kernel Version >= 6.15.5 < 6.16
Linux ≫ Linux Kernel Version >= 6.16.1 < 6.18.36
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.13
Linux ≫ Linux Kernel Version5.15.209
Linux ≫ Linux Kernel Version6.16 Update-
Linux ≫ Linux Kernel Version6.16 Updaterc4
Linux ≫ Linux Kernel Version6.16 Updaterc5
Linux ≫ Linux Kernel Version6.16 Updaterc6
Linux ≫ Linux Kernel Version6.16 Updaterc7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
Linux ≫ Linux Kernel Version7.1 Updaterc5
Linux ≫ Linux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.034 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd
https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d4c455a3b583c0aa
https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1a2ac1fc2cfb5184
https://git.kernel.org/stable/c/bc2efe73c194a74839d7cf57b63880d97e21d309
https://git.kernel.org/stable/c/ce4b4cac3c5749b6aa75e62e2991ae2263f2f889
https://git.kernel.org/stable/c/f82799407a50af7bcacacf09cc9b279af8fe9b81
https://git.kernel.org/stable/c/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f