CVE-2026-53252 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1a2ac1fc2cfb5184
https://git.kernel.org/stable/c/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f
https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd
https://git.kernel.org/stable/c/bc2efe73c194a74839d7cf57b63880d97e21d309
https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d4c455a3b583c0aa
https://git.kernel.org/stable/c/ce4b4cac3c5749b6aa75e62e2991ae2263f2f889
https://git.kernel.org/stable/c/f82799407a50af7bcacacf09cc9b279af8fe9b81

History

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.
Title		Bluetooth: fix memory leak in error path of hci_alloc_dev()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1a2ac1fc2cfb5184 https://git.kernel.org/stable/c/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd https://git.kernel.org/stable/c/bc2efe73c194a74839d7cf57b63880d97e21d309 https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d4c455a3b583c0aa https://git.kernel.org/stable/c/ce4b4cac3c5749b6aa75e62e2991ae2263f2f889 https://git.kernel.org/stable/c/f82799407a50af7bcacacf09cc9b279af8fe9b81

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:43.951Z

Updated: 2026-06-25T08:39:43.951Z

Reserved: 2026-06-09T07:44:35.394Z

Link: CVE-2026-53252

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object