CVE-2026-43069
MEDIUM EPSS 1.8%
Published May 5, 2026 (1mo ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_ll: Fix firmware leak on error path

Smatch reports:

drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from request_firmware() not released on lines: 544.

In download_firmware(), if request_firmware() succeeds but the returned firmware content is invalid (no data or zero size), the function returns without releasing the firmware, resulting in a resource leak.

Fix this by calling release_firmware() before returning when request_firmware() succeeded but the firmware content is invalid.
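The leak pattern described above, as an added userspace model (not the kernel source and not the upstream patch): `fw_request()`, `fw_release()`, `fw_live` and the `download_*` functions are hypothetical stand-ins that count outstanding firmware blobs, so the error-path leak (CWE-401) and the effect of the release call can be observed.

```c
/* Userspace model: fw_request()/fw_release() are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>

struct fw_blob { size_t size; const unsigned char *data; };
static struct fw_blob slot;   /* backing store for the one modelled blob */
int fw_live;                  /* blobs handed out and not yet released */
int fw_request(const struct fw_blob **out, int present, size_t size)
{
    if (!present)
        return -ENOENT;       /* request failed: nothing to release */
    slot = (struct fw_blob){ size, size ? (const unsigned char *)"BTS" : NULL };
    fw_live++;                /* caller now owns the blob */
    *out = &slot;
    return 0;
}
void fw_release(const struct fw_blob *fw) { if (fw) fw_live--; }

/* Before: returns on invalid content while still holding the blob. */
int download_leaky(int present, size_t size)
{
    const struct fw_blob *fw = NULL;
    int err = fw_request(&fw, present, size);
    if (err || !fw->data || !fw->size)
        return -EINVAL;       /* leak when err == 0 */
    fw_release(fw);           /* normal path: firmware consumed, then freed */
    return 0;
}

/* After: release only if the request succeeded, then return. */
int download_fixed(int present, size_t size)
{
    const struct fw_blob *fw = NULL;
    int err = fw_request(&fw, present, size);
    if (err || !fw->data || !fw->size) {
        if (!err)
            fw_release(fw);
        return -EINVAL;
    }
    fw_release(fw);
    return 0;
}

/* Run one variant from a clean state; return blobs left unreleased. */
int live_after(int (*fn)(int, size_t), int present, size_t size)
{
    fw_live = 0;
    fn(present, size);
    return fw_live;
}
```

`live_after(download_leaky, 1, 0)` models a request that succeeds with a zero-size blob; a non-zero result means the blob was never released.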
CVSS Details
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.12 – <5.10.253 |
| linux | linux_kernel | * | ≥5.11 – <5.15.203 |
| linux | linux_kernel | * | ≥5.16 – <6.1.168 |
| linux | linux_kernel | * | ≥6.2 – <6.6.131 |
| linux | linux_kernel | * | ≥6.7 – <6.12.80 |
| linux | linux_kernel | * | ≥6.13 – <6.18.21 |
| linux | linux_kernel | * | ≥6.19 – <6.19.11 |
| linux | linux_kernel | 7.0 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a
- git.kernel.org https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973
- git.kernel.org https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa
- git.kernel.org https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17
- git.kernel.org https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b
- git.kernel.org https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b
- git.kernel.org https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213
- git.kernel.org https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86
Remediation
- git.kernel.org https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a
- git.kernel.org https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973
- git.kernel.org https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa
- git.kernel.org https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17
- git.kernel.org https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b
- git.kernel.org https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b
- git.kernel.org https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213
- git.kernel.org https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86