CVE-2026-43069
Status: Analyzed - Analysis Complete
Bluetooth Firmware Leak in Linux Kernel

Publication date: 2026-05-05

Last updated on: 2026-05-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_ll: Fix firmware leak on error path

Smatch reports:

  drivers/bluetooth/hci_ll.c:587 download_firmware() warn:
  'fw' from request_firmware() not released on lines: 544.

In download_firmware(), if request_firmware() succeeds but the returned firmware content is invalid (no data or zero size), the function returns without releasing the firmware, resulting in a resource leak.

Fix this by calling release_firmware() before returning when request_firmware() succeeded but the firmware content is invalid.

Meta Information

Published: 2026-05-05
Last Modified: 2026-05-29
Generated: 2026-06-16
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 12 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | 7.0
linux | linux_kernel | 7.0
linux | linux_kernel | 7.0
linux | linux_kernel | 7.0
linux | linux_kernel | 7.0
linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc)
linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc)
linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc)
linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc)
linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc)
linux | linux_kernel | From 4.12 (inc) to 5.10.253 (exc)

CWE ID | Description
CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Mitigation Strategies

The vulnerability is fixed in the Linux kernel by ensuring that release_firmware() is called when the firmware content is invalid after a successful request_firmware() call. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

  • Check your current Linux kernel version.
  • Update the Linux kernel to the latest available version that contains the fix for the Bluetooth hci_ll firmware leak.
  • Reboot the system after the kernel update to apply the changes.
Executive Summary

This vulnerability exists in the Linux kernel's Bluetooth component, specifically in the hci_ll.c file within the download_firmware() function.

When the function request_firmware() successfully returns firmware data that is invalid (such as having no data or zero size), the firmware resource is not released properly. This causes a resource leak because release_firmware() is not called before the function returns.

The issue was fixed by ensuring that release_firmware() is called to free the firmware resource when invalid firmware content is detected after a successful request.
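
The error path described above, modeled in user space as an added example; this is not the kernel's code and not part of the original advisory. fake_request_firmware(), fake_release_firmware(), the live_fw counter and leaked_after() are hypothetical stand-ins that only track whether every successfully requested object is released.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space stand-ins (assumptions), not the kernel firmware API. */
struct fake_fw { size_t size; const unsigned char *data; };
static int live_fw; /* objects handed out and not yet released */

static int fake_request_firmware(const struct fake_fw **out, size_t size) {
    struct fake_fw *f = calloc(1, sizeof(*f));
    if (!f)
        return -12; /* -ENOMEM */
    f->size = size;
    /* size 0 models the invalid image: request succeeds, content is empty */
    f->data = size ? (const unsigned char *)"\x01" : NULL;
    *out = f;
    live_fw++;
    return 0;
}
static void fake_release_firmware(const struct fake_fw *fw) {
    if (fw) { free((void *)fw); live_fw--; }
}

/* Before: the validity check returns while still holding fw. */
static int download_leaky(size_t size) {
    const struct fake_fw *fw = NULL;
    int err = fake_request_firmware(&fw, size);
    if (err || !fw->data || !fw->size)
        return -22; /* -EINVAL; fw is never released when err == 0 */
    fake_release_firmware(fw); /* normal path: use the image, then release */
    return 0;
}

/* After: release when the request succeeded but the content is invalid. */
static int download_fixed(size_t size) {
    const struct fake_fw *fw = NULL;
    int err = fake_request_firmware(&fw, size);
    if (err || !fw->data || !fw->size) {
        if (!err)
            fake_release_firmware(fw);
        return -22;
    }
    fake_release_firmware(fw);
    return 0;
}
/* Call fn `rounds` times; return how many objects remain unreleased. */
static int leaked_after(int (*fn)(size_t), size_t size, int rounds) {
    for (live_fw = 0; rounds-- > 0; )
        fn(size);
    return live_fw;
}
int main(void) {
    printf("unreleased after 100 invalid loads: before=%d after=%d\n",
           leaked_after(download_leaky, 0, 100), leaked_after(download_fixed, 0, 100));
}
```

Each invalid load leaves one object outstanding in the "before" variant, which is the per-call growth that CWE-401 describes; the valid-image path is balanced in both variants.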

Impact Analysis

This vulnerability can lead to a resource leak in the Linux kernel's Bluetooth firmware handling.

Resource leaks can cause increased memory usage or depletion of system resources over time, potentially leading to degraded system performance or instability.

In environments where Bluetooth firmware is frequently updated or loaded, this could result in system slowdowns or crashes if the leak accumulates.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
