Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 without freeing it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state. This early-return path was introduced when hci_le_big_terminate() was refactored to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path.
Product status
a7bcffc673de219af2698fbb90627016233de67b (git) before e6b78019664dfe37c3dc707f50e7b453d6c7726d
a7bcffc673de219af2698fbb90627016233de67b (git) before a59d4f4217e6200ca9180643e5738a87d3fa8be0
a7bcffc673de219af2698fbb90627016233de67b (git) before bfa9d28960ed677d556bdf097073bc3129686229
087812a6119b4cd5c9d658b48aee40a25707a1c6 (git)
6.16.4 (semver) before 6.17
6.17
Any version before 6.17
6.18.35 (semver)
7.0.12 (semver)
7.1 (original_commit_for_fix)
References
git.kernel.org/...c/e6b78019664dfe37c3dc707f50e7b453d6c7726d
git.kernel.org/...c/a59d4f4217e6200ca9180643e5738a87d3fa8be0
git.kernel.org/...c/bfa9d28960ed677d556bdf097073bc3129686229