CVE-2026-53251
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever releasing it.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.94-1 |
| sid | Fixed | 7.0.13-1 |
| forky | Affected | โ |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
References
- https://git.kernel.org/stable/c/4bbec25f47b930101294fd310c627c3f53e9661f
- https://git.kernel.org/stable/c/33d677d2e3713d98012c3dbd4a9207f7d785b854
- https://git.kernel.org/stable/c/23e8eb16820b866528fb300dc67fe3f67f00ef62
- https://git.kernel.org/stable/c/5cbf290b79351971f20c7a533247e8d58a3f970c
- https://security-tracker.debian.org/tracker/CVE-2026-53251
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.