Skip to main content

Linux Kernel CVE-2026-53251

| EUVDEUVD-2026-39202 MEDIUM
Missing Release of Resource after Effective Lifetime (CWE-772)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-q6x9-g333-77r4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local socket access with low privileges triggers the leak; no confidentiality or integrity impact, only availability via resource exhaustion.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 17:28 vuln.today
CVSS changed
Jul 08, 2026 - 16:52 NVD
5.5 (MEDIUM)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 nvd
MEDIUM 5.5
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync

hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever releasing it.

AnalysisAI

Reference leak in the Linux kernel Bluetooth ISO subsystem allows a local low-privileged user to exhaust kernel resources and cause a denial of service. The iso_conn_big_sync function acquires an hci_dev reference via hci_dev_hold() through hci_get_route() but never releases it, violating the borrow contract. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local shell with low privileges
Delivery
Open Bluetooth ISO socket
Exploit
Invoke BIG sync operation repeatedly
Execution
Leak hci_dev reference each iteration
Persist
Exhaust slab/kernel memory
Impact
Trigger system hang or kernel panic

Vulnerability AssessmentAI

Exploitation Requires local authenticated access with at minimum CAP_NET_RAW or the ability to create Bluetooth sockets (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H is internally consistent: local access with low privileges is sufficient, no user interaction is needed, and the sole impact is high availability (DoS). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local unprivileged user on a Linux system with a Bluetooth adapter writes a small program that repeatedly opens an ISO Bluetooth socket and invokes the BIG synchronization operation, intentionally never cleaning up, to trigger the reference leak in `iso_conn_big_sync`. Each call leaks one `hci_dev` reference; after thousands of iterations the `hci_dev` slab allocation grows without bound, eventually exhausting kernel memory and causing the system to hang or panic. …
Remediation Update to a patched stable kernel release: Linux 6.12.94, 7.0.13, 7.1 (final), or 6.18.36 as appropriate for the deployed series. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy