PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53364 Linux CVE debrief

A memory leak vulnerability was found in the Linux kernel's Bluetooth hci_conn component. The hci_le_big_terminate() function allocates memory via kzalloc_obj but fails to free it under certain conditions, leading to a potential memory leak. This vulnerability affects the Linux kernel and could potentially be used by attackers to exploit the Bluetooth component. The vulnerability has been resolved, but Linux kernel developers and maintainers should review and update the code to ensure proper memory management.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Linux kernel developers and maintainers, Bluetooth protocol experts, and organizations using Linux-based systems with Bluetooth capabilities should be aware of this vulnerability. They should review and update the Linux kernel Bluetooth hci_conn component code to ensure proper memory management and verify and validate memory allocation and deallocation in the hci_le_big_terminate() function.

Technical summary

The hci_le_big_terminate() function in the Linux kernel's Bluetooth hci_conn component allocates memory using kzalloc_obj but does not free it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state. This early-return path was introduced during refactoring of hci_le_big_terminate() to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path. The vulnerability has been resolved, but the specific details of the vulnerability and its impact are not publicly available.

Defensive priority

Medium

Recommended defensive actions

  • Review and update Linux kernel Bluetooth hci_conn component code to ensure proper memory management
  • Verify and validate memory allocation and deallocation in hci_le_big_terminate() function
  • Consider implementing additional monitoring and logging to detect potential memory leaks
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-13T18:16:28.297Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the official CVE record. The Linux kernel's Bluetooth hci_conn component is affected, and the vulnerability has been resolved. However, the specific details of the vulnerability and its impact are not publicly available, and further verification is necessary.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T18:16:28.297Z and has not been modified since then.