In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device.
| Vendor | Product | Versions |
|---|---|---|
| linux | linux kernel | 90dee0a0ff84fac8accd5be98412b3819f667149, c56b177efce8b62798e4d96bdb9867106cb7c4a0, bc0819a25e04cd68ef3568cfa51b63118fea39a7, ce23b73f0f27e2dbeb81734a79db710f05aa33c6, 1d6123102e9fbedc8d25bf4731da6d513173e49e, 1d6123102e9fbedc8d25bf4731da6d513173e49e, 1d6123102e9fbedc8d25bf4731da6d513173e49e, dd4becd3fd4102696e1c15e6d260a1712a2d8685, 0e5c144c557df910ab64d9c25d06399a9a735e65, 5.15.209, 6.1.167, 6.6.97, 6.12.36, 5.10.259, 6.15.5, 6.16, 7.0.12, 5.15.210, 6.1.176, 6.6.143, 6.12.94, 6.18.36, 7.0.13, 7.1 |
Updated description with technical details, added new affected versions, and set patchAvailable to null.
Updated severity to CRITICAL, added affected version 7.0.12, and noted that no exploit is available.
Initial creation
