CVE-2026-43069
Description
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_ll: Fix firmware leak on error path
Smatch reports:
drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from request_firmware() not released on lines: 544.
In download_firmware(), if request_firmware() succeeds but the returned firmware content is invalid (no data or zero size), the function returns without releasing the firmware, resulting in a resource leak.
Fix this by calling release_firmware() before returning when request_firmware() succeeded but the firmware content is invalid.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel Bluetooth HCI LL driver memory leak when invalid firmware is loaded; fix adds missing release_firmware call.
This vulnerability is a resource leak in the Linux kernel's Bluetooth HCI LL driver (hci_ll.c). The download_firmware() function successfully requests a firmware file via request_firmware(), but if the firmware content is invalid (zero length or no data), the function returns without releasing the firmware buffer, causing a memory leak. This was detected by the static analysis tool Smatch [1].
To exploit this, an attacker must be able to trigger firmware loading on a Bluetooth HCI UART (LL) device, typically during device initialization. This could be achieved by providing a malformed firmware file or by having a compromised Bluetooth device. No authentication is required, but local access or physical proximity may be necessary.
The impact is a memory leak that, if triggered repeatedly, can lead to resource exhaustion and denial of service (DoS). The vulnerability does not allow code execution or privilege escalation.
The issue has been fixed in the Linux kernel stable tree. Multiple commits addressing this bug have been applied to various stable branches [1][2][3][4]. Users should update their kernel to include these fixes. No workarounds other than patching are known.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5anvd
- git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973nvd
- git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aanvd
- git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17nvd
- git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074bnvd
- git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6bnvd
- git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213nvd
- git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86nvd
News mentions
0No linked articles in our index yet.