CVE-2026-43069

CVE Database · CVE-2026-43069

CVE-2026-43069

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.11%

Published

May 5, 2026

Modified

May 29, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ll: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from request_firmware() not released on lines: 544. In download_firmware(), if request_firmware() succeeds but the returned firmware content is invalid (no data or zero size), the function returns without releasing the firmware, resulting in a resource leak. Fix this by calling release_firmware() before returning when request_firmware() succeeded but the firmware content is invalid.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-401

Affected Products (12)

linux · linux_kernel (up to 5.10.253)vulnerable

linux · linux_kernel (up to 5.15.203)vulnerable

linux · linux_kernel (up to 6.1.168)vulnerable

linux · linux_kernel (up to 6.6.131)vulnerable

linux · linux_kernel (up to 6.12.80)vulnerable

linux · linux_kernel (up to 6.18.21)vulnerable

linux · linux_kernel (up to 6.19.11)vulnerable