CVE-2026-43021

MEDIUM

Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails When hci_cmd_sync_queue_once() returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/7fd74178d4b16dcf47179da634ea9d7c02e3608b

https://git.kernel.org/stable/c/aca377208e7f7322bf4e107cdec6e7d7e8aa7a88

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (10)

Linux/Linux < 6.19

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 7fd74178d4b16dcf47179da634ea9d7c02e3608b

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - aca377208e7f7322bf4e107cdec6e7d7e8aa7a88

Linux/Linux 6.19

Linux/Linux 6.19.12 - 6.19.*

Linux/Linux 7.0

Linux/Linux a106e50be74b0896583f4d010a69f9806e4194f4 - 7fd74178d4b16dcf47179da634ea9d7c02e3608b

Linux/Linux a106e50be74b0896583f4d010a69f9806e4194f4 - aca377208e7f7322bf4e107cdec6e7d7e8aa7a88

linux/linux_kernel 7.0 rc1 (6 CPE variants)

linux/linux_kernel 6.19 - 6.19.12

Published May 01, 2026

Tracked Since May 01, 2026