CVE-2026-53073
UnknownSummary
A vulnerability has been identified in the Linux kernel that occurs when hci_register_dev() fails in hci_uart_register_dev(). In this case, HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu), which may lead to improper processing of UART data.
Risk Assessment
This vulnerability may lead to unauthorized access to system resources, posing a risk to the integrity and confidentiality of data transmitted over Bluetooth.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure that HCI_UART_PROTO_INIT is cleared before freeing resources.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error When hci_register_dev() fails in hci_uart_register_dev() HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu) and setting hu->hdev to NULL. This means incoming UART data will reach the protocol-specific recv handler in hci_uart_tty_receive() after resources are freed. Clear HCI_UART_PROTO_INIT with a write lock before calling hu->proto->close() and setting hu->hdev to NULL. The write lock ensures all active readers have completed and no new reader can enter the protocol recv path before resources are freed. This allows the protocol-specific recv functions to remove the "HCI_UART_REGISTERED" guard without risking a null pointer dereference if hci_register_dev() fails.

