Linux Kernel Bluetooth Firmware Leak Vulnerability in hci_ll Driver

Vulnerability

A resource leak vulnerability has been identified in the Linux kernel Bluetooth controller interface, specifically within the hci_ll driver. This issue arises when the download_firmware() function successfully requests firmware but receives invalid content (either empty or zero-sized). In such cases, the function fails to release the firmware, leading to a resource leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a resource leak by failing to release firmware that was successfully requested but invalid, potentially leading to increased memory usage or other resource exhaustion issues.

Reproduction

The vulnerability can be reproduced by loading a Bluetooth device that uses the hci_ll driver and initiating a firmware download. If the firmware request is successful but the returned data is invalid (either empty or zero-sized), the download_firmware() function will return an error without releasing the firmware, creating a resource leak.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.
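The leak pattern described above and its corrected form, as an added example: this is a userspace model, not the kernel's hci_ll code or the upstream patch. request_firmware() and release_firmware() are stubbed here with simplified signatures, and download_firmware_leaky, download_firmware_fixed, leaked_after, empty_image and outstanding are hypothetical names used only for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace stand-ins for the kernel firmware API (constructed model). */
struct firmware { size_t size; const unsigned char *data; };
static const struct firmware empty_image;   /* size 0, data NULL */
static int outstanding;                     /* requested, not yet released */

static int request_firmware(const struct firmware **fw)
{
    *fw = &empty_image;   /* request succeeds, content is empty */
    outstanding++;
    return 0;
}
static void release_firmware(const struct firmware *fw) { if (fw) outstanding--; }

/* Leaky shape: request succeeded, content invalid, return without release. */
static int download_firmware_leaky(void)
{
    const struct firmware *fw = NULL;
    if (request_firmware(&fw) || !fw->data || !fw->size)
        return -EINVAL;
    release_firmware(fw);
    return 0;
}

/* Corrected shape: every path that obtained fw releases it before returning. */
static int download_firmware_fixed(void)
{
    const struct firmware *fw = NULL;
    int err = request_firmware(&fw);
    if (!err && (!fw->data || !fw->size))
        err = -EINVAL;
    release_firmware(fw);   /* no-op when the request itself failed */
    return err;
}

/* Firmware objects still held after n download attempts. */
static int leaked_after(int (*download)(void), int n)
{
    for (outstanding = 0; n > 0; n--)
        download();
    return outstanding;
}

int main(void)
{
    printf("held after 3 tries: leaky=%d fixed=%d\n", leaked_after(download_firmware_leaky, 3), leaked_after(download_firmware_fixed, 3));
}
```

Both variants return the same error to the caller, so the leak is invisible from the return value alone; only the count of unreleased firmware objects tells them apart.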

Added: May 5, 2026, 4:47 PM
Updated: May 5, 2026, 4:47 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.