CVE Catalog

CVE-2026-53252

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A memory leak in the error path of hci_alloc_dev() in the Linux kernel was fixed. When Bluetooth HCI UART device initialization fails before registration, the HCI_UNREGISTER flag is not set, bypassing hci_release_dev() and leaking SRCU percpu memory. The fix explicitly calls cleanup_srcu_struct() in the unregistered branch of bt_host_release().

Risk Assessment

The memory leak can gradually exhaust system resources, potentially leading to system instability or denial of service (DoS) after repeated failed Bluetooth device initialization attempts.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit addressing the issue). Monitor for the patch availability for your distribution and apply it as part of routine patch management.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS