In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: fix memory leak in error path of hciallocdev()
Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory.
When device initialization fails before hciregisterdev() completes, the HCIUNREGISTER flag is never set. As a result, when the device reference count reaches zero, bthost_release() evaluates this flag as false and falls back to a direct kfree(hdev).
Because hcireleasedev() is bypassed, the SRCU struct initialized early in hciallocdev() is never cleaned up, resulting in a leak of percpu memory.
Fix the leak by explicitly calling cleanupsrcustruct() in the fallback (unregistered) branch of bthostrelease() before freeing the device.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53252.json",
"cna_assigner": "Linux"
}