Home

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 without freeing it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state. This early-return path was introduced when hci_le_big_terminate() was refactored to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path.

PUBLISHED Reserved 2026-06-09 | Published 2026-07-13 | Updated 2026-07-13 | Assigner Linux

Product status

Default status
unaffected

a7bcffc673de219af2698fbb90627016233de67b (git) before e6b78019664dfe37c3dc707f50e7b453d6c7726d
affected

a7bcffc673de219af2698fbb90627016233de67b (git) before a59d4f4217e6200ca9180643e5738a87d3fa8be0
affected

a7bcffc673de219af2698fbb90627016233de67b (git) before bfa9d28960ed677d556bdf097073bc3129686229
affected

087812a6119b4cd5c9d658b48aee40a25707a1c6 (git)
affected

6.16.4 (semver) before 6.17
affected

Default status
affected

6.17
affected

Any version before 6.17
unaffected

6.18.35 (semver)
unaffected

7.0.12 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/e6b78019664dfe37c3dc707f50e7b453d6c7726d

git.kernel.org/...c/a59d4f4217e6200ca9180643e5738a87d3fa8be0

git.kernel.org/...c/bfa9d28960ed677d556bdf097073bc3129686229

cve.org (CVE-2026-53364)

nvd.nist.gov (CVE-2026-53364)

Download JSON