CVE-2026-53073

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error When hci_register_dev() fails in hci_uart_register_dev() HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu) and setting hu->hdev to NULL. This means incoming UART data will reach the protocol-specific recv handler in hci_uart_tty_receive() after resources are freed. Clear HCI_UART_PROTO_INIT with a write lock before calling hu->proto->close() and setting hu->hdev to NULL. The write lock ensures all active readers have completed and no new reader can enter the protocol recv path before resources are freed. This allows the protocol-specific recv functions to remove the "HCI_UART_REGISTERED" guard without risking a null pointer dereference if hci_register_dev() fails.
CVSS

No CVSS.

Configurations

No configuration.

History

24 Jun 2026, 17:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-24 17:17

Updated : 2026-07-14 15:26


NVD link : CVE-2026-53073

Mitre link : CVE-2026-53073

CVE.ORG link : CVE-2026-53073


JSON object : View

Products Affected

No product.

CWE

No CWE.