CVE-2026-53252
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A memory leak in the error path of hci_alloc_dev() in the Linux kernel was fixed. When Bluetooth HCI UART device initialization fails before registration, the HCI_UNREGISTER flag is not set, bypassing hci_release_dev() and leaking SRCU percpu memory. The fix explicitly calls cleanup_srcu_struct() in the unregistered branch of bt_host_release().
Risk Assessment
The memory leak can gradually exhaust system resources, potentially leading to system instability or denial of service (DoS) after repeated failed Bluetooth device initialization attempts.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit addressing the issue). Monitor for the patch availability for your distribution and apply it as part of routine patch management.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.

