CVE-2026-23151
- Source
- https://cve.org/CVERecord?id=CVE-2026-23151
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23151.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23151
- Downstream
- Related
- Published
- 2026-02-14T16:01:19.663Z
- Modified
- 2026-04-02T17:29:36.128779011Z
- Summary
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix memory leak in setsspcomplete
Fix memory leak in setsspcomplete() where mgmtpendingcmd structures are not freed after being removed from the pending list.
Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") replaced mgmtpendingforeach() calls with individual command handling but missed adding mgmtpendingfree() calls in both error and success paths of setsspcomplete(). Other completion functions like setlecomplete() were fixed correctly in the same commit.
This causes a memory leak of the mgmtpendingcmd structure and its associated parameter data for each SSP command that completes.
Add the missing mgmtpendingfree(cmd) calls in both code paths to fix the memory leak. Also fix the same issue in setadvertisingcomplete().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23151.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/1850a558d116d7e3e2ef36d06a56f59b640cc214
- https://git.kernel.org/stable/c/1b9c17fd0a7fdcbe69ec5d6fe8e50bc5ed7f01f2
- https://git.kernel.org/stable/c/3b6318505378828ee415d6ef678db6a74c077504
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23151.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23151
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd71b98f253b079cbadc83266383f26fe7e9e103bFixed1850a558d116d7e3e2ef36d06a56f59b640cc214
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced302a1f674c00dd5581ab8e493ef44767c5101aabFixed3b6318505378828ee415d6ef678db6a74c077504Fixed1b9c17fd0a7fdcbe69ec5d6fe8e50bc5ed7f01f2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected87a1f16f07c6c43771754075e08f45b41d237421