Memory Leak Vulnerability in Linux Kernel Bluetooth Module
CVE-2026-53364

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-53364?

In the Linux Kernel's Bluetooth module, the hci_le_big_terminate function contains a flaw that can lead to a memory leak. When specific flags are not set during the evaluation of the PA and BIG sync connection state, the function allocates memory for iso_list_data but fails to free it before exiting. This oversight was introduced during a recent refactoring process. If the memory is not properly freed, it could result in performance degradation or system instability over time as allocated memory accumulates without release.

Affected Version(s)

Linux a7bcffc673de219af2698fbb90627016233de67b

Linux a7bcffc673de219af2698fbb90627016233de67b

Linux a7bcffc673de219af2698fbb90627016233de67b

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.