CVE-2026-53364 in Linux
Summary
by MITRE • 07/13/2026
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate()
hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 without freeing it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state.
This early-return path was introduced when hci_le_big_terminate() was refactored to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/13/2026
The vulnerability in question resides within the Linux kernel's Bluetooth subsystem, specifically within the HCI (Host Controller Interface) connection management code. This memory leak occurs during the termination process of Bluetooth Low Energy Broadcast Intervals Groups, which are essential for transmitting audio and other data streams over Bluetooth connections. The issue manifests when the hci_le_big_terminate() function attempts to clean up resources associated with a Bluetooth connection but fails to properly release allocated memory under specific conditions.
The technical flaw stems from improper memory management within the hci_le_big_terminate() function where iso_list_data is allocated using kzalloc_obj, a kernel memory allocation function that initializes memory to zero. The vulnerability occurs when the function evaluates the PA (Periodic Advertising) and BIG (Broadcast Interval Group) synchronization connection states and determines that neither pa_sync_term nor big_sync_term flags are set. Under these circumstances, the function returns early with a value of 0 without executing the necessary cleanup routine to free the previously allocated iso_list_data memory. This represents a classic case of resource leak where allocated kernel memory remains unreleased, leading to gradual memory consumption over time.
The operational impact of this vulnerability extends beyond simple memory consumption issues as it affects system stability and performance in Bluetooth-enabled devices. When multiple Bluetooth connections are established and terminated repeatedly, particularly in environments with high connection activity such as smart speakers, wireless headphones, or automotive infotainment systems, the cumulative effect of these memory leaks can lead to system slowdowns, potential crashes, or even complete system hangs. The vulnerability is particularly concerning in embedded systems where memory resources are constrained, as it could lead to denial-of-service conditions that prevent legitimate Bluetooth operations from functioning properly.
This vulnerability aligns with CWE-401 (Improper Release of Memory Before Removing Last Reference) and represents a failure in proper resource management within kernel space. The issue demonstrates how refactoring operations can inadvertently introduce memory management gaps, particularly when complex state evaluation logic is added to existing functions. From an ATT&CK framework perspective, this vulnerability could be leveraged by adversaries to perform resource exhaustion attacks against Bluetooth-enabled systems, potentially leading to system instability or service disruption that could impact availability for legitimate users.
The fix for this vulnerability involves adding proper memory cleanup logic to the early return path within hci_le_big_terminate(), ensuring that iso_list_data is freed regardless of which code path is taken during the function execution. This requires implementing a kfree() call before the function returns when the specific flag conditions are not met, effectively closing the resource leak gap introduced during the refactoring process. System administrators should ensure that affected kernel versions are updated promptly to address this memory leak vulnerability and maintain optimal system performance and stability in Bluetooth-enabled environments.