Linux Kernel Bluetooth Memory Leak Vulnerability in hci_conn Component

Vulnerability

A memory leak vulnerability has been identified in the Bluetooth subsystem of the Linux kernel. The issue arises in the hci_cmd_sync_queue() function when it fails during the hci_le_terminate_big() or hci_le_big_terminate() processes. In these scenarios, the memory referenced by variable 'd' is not properly released, leading to a memory leak. The vulnerability has been addressed by adding a release process to the error handling path.

Impact

Exploitation of this vulnerability leads to memory leaks, which can cause increased memory usage and potentially degrade system performance over time.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth Memory Leak Vulnerability in hci_conn Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating