Firmware Management Flaw in Linux Kernel Bluetooth Drivers
CVE-2026-43069
What is CVE-2026-43069?
A firmware management issue has been discovered in the Linux kernel's Bluetooth drivers, in the function responsible for downloading firmware. If the firmware request succeeds but the returned content is invalid (for example, empty or zero-sized), the function returns without releasing the firmware resources that were allocated. The result is a resource leak, which can degrade system performance over time. To fix this, release_firmware() must be called before returning whenever invalid firmware content is detected.
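The leak and its fix, reduced to a userspace C model. This is an added example, not the kernel driver's code: `download_firmware`, `leaked_after`, the `patched` flag and the `mock_*` helpers are hypothetical names, and the mocks only count firmware objects that were requested but never released.

```c
#include <errno.h>
#include <stdlib.h>
/* Userspace stand-ins for the kernel's struct firmware, request_firmware()
 * and release_firmware(); simplified signatures, not kernel code. */
struct firmware { size_t size; const unsigned char *data; };
static int live_fw; /* firmware objects requested but not yet released */

static int mock_request_firmware(const struct firmware **fw, size_t size)
{
    struct firmware *f = calloc(1, sizeof(*f));
    if (!f)
        return -ENOMEM;
    f->size = size; /* constructed input: 0 models an empty image */
    f->data = size ? (const unsigned char *)"\x01" : NULL;
    *fw = f;
    live_fw++;
    return 0;
}

static void mock_release_firmware(const struct firmware *fw)
{
    live_fw--;
    free((void *)fw);
}

/* Hypothetical download routine; patched=0 is the leaky 'before' shape. */
static int download_firmware(size_t image_size, int patched)
{
    const struct firmware *fw;
    int err = mock_request_firmware(&fw, image_size);
    if (err)
        return err; /* request failed: nothing to release */
    if (!fw->data || !fw->size) {
        if (patched)
            mock_release_firmware(fw); /* the fix: release before returning */
        return -EINVAL;                /* unpatched: fw is still held here */
    }
    mock_release_firmware(fw); /* normal path: image used, then released */
    return 0;
}

/* Run n downloads of an empty image; return how many objects leaked. */
static int leaked_after(int n, int patched)
{
    live_fw = 0;
    for (int i = 0; i < n; i++)
        download_firmware(0, patched);
    return live_fw;
}
int main(void) { return leaked_after(3, 1); } /* exits 0: patched path leaks nothing */
```

Each failed download on the unpatched path leaves one firmware object held, so the leak grows with every retry that returns an empty image.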
Affected Version(s)
Linux 371805522f870986144fcd88727a47858e364a2c < 95e8601af227b2b4390eecf8db6abdb9f6a91f17
Linux 371805522f870986144fcd88727a47858e364a2c
Linux 371805522f870986144fcd88727a47858e364a2c