CVE-2026-53364
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 without freeing it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state. This early-return path was introduced when hci_le_big_terminate() was refactored to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-53364 NameCVE-2026-53364 DescriptionIn the Linux kernel, the following vulnerability has been resolved: B ... SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus…
CVE-2026-53364
| Name | CVE-2026-53364 |
| Description | In the Linux kernel, the following vulnerability has been resolved: B ... |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | fixed |
| bullseye (security) | 5.10.259-1 | fixed | |
| bookworm, bookworm (security) | 6.1.176-1 | fixed | |
| trixie | 6.12.94-1 | fixed | |
| trixie (security) | 6.12.95-1 | fixed | |
| forky, sid | 7.1.3-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | bullseye | (not affected) | |||
| linux | source | bookworm | (not affected) | |||
| linux | source | trixie | (not affected) | |||
| linux | source | (unstable) | 7.0.12-1 |
Notes
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/bfa9d28960ed677d556bdf097073bc3129686229 (7.1-rc6)
Apply commands
[trixie] - linux <not-affected> (Vulnerable code not present)[bookworm] - linux <not-affected> (Vulnerable code not present)[bullseye] - linux <not-affected> (Vulnerable code not present)https://git.kernel.org/linus/bfa9d28960ed677d556bdf097073bc3129686229 (7.1-rc6)
OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0 |
| sid | Fixed | 7.0.12-1 |
| forky | Fixed | 7.0.12-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.