Bluetooth Device Memory Leak in Linux Kernel
CVE-2026-53252

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53252?

A memory leak vulnerability in the Linux kernel affects Bluetooth devices when early failures occur during HCI UART configuration. If device initialization fails before the hci_register_dev() function is complete, the HCI_UNREGISTER flag is not set. This oversight prevents the proper cleanup of resources, leading to a leak of percpu memory. The fix involves explicitly calling cleanup_srcu_struct() in the fallback scenario before freeing the device, ensuring that all initialized resources are properly released.

Affected Version(s)

Linux 90dee0a0ff84fac8accd5be98412b3819f667149 < 5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd

Linux c56b177efce8b62798e4d96bdb9867106cb7c4a0

Linux bc0819a25e04cd68ef3568cfa51b63118fea39a7 < 0622e527a31d4b44737fed5c1a2ac1fc2cfb5184

References

https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd026...

https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d...

https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53252 Data

JSON