Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53073— Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error

AI Predicted 4.4 Difficulty: Hard EPSS 0.17% · P7

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 29

VendorProductVersion RangeStatus
LinuxLinuxa40f94f7caa8d3421b64f63ac31bc0f24c890f39< ebb39b2d81731b83ee71a1ba6dd0291a57b5ac07affected
9e5a0f5777162e503400c70c6ed25fbbe2d38799< ed4033fb85ccaaf6c3983be3c7b037e48253d232affected
80f14e9de6a43a0bd8194cad1003a3e6dcbc3984< 356dee1bcac4d0d9152390561fa63331ebff211baffected
02e1bcdfdf769974e7e9fa285e295cd9852e2a38< a673cf6c4ac702cb79ac1f4d7fc4de763a6a3e40affected
281782d2c6730241e300d630bb9f200d831ede71< f4b69c35813c432973d340d3600c01de106ed474affected
5df5dafc171b90d0b8d51547a82657cd5a1986c7< 3daa5818e473ed60eb69d8b5c71b651909d28c5aaffected
5df5dafc171b90d0b8d51547a82657cd5a1986c7< 194f029a4d7f739e44ebc1f473120187b4de5104affected
5df5dafc171b90d0b8d51547a82657cd5a1986c7< 68d39ea5e0adc9ecaea1ce8abd842ec972eb8718affected
… +21 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53073

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error When hci_register_dev() fails in hci_uart_register_dev() HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu) and setting hu->hdev to NULL. This means incoming UART data will reach the protocol-specific recv handler in hci_uart_tty_receive() after resources are freed. Clear HCI_UART_PROTO_INIT with a write lock before calling hu->proto->close() and setting hu->hdev to NULL. The write lock ensures all active readers have completed and no new reader can enter the protocol recv path before resources are freed. This allows the protocol-specific recv functions to remove the "HCI_UART_REGISTERED" guard without risking a null pointer dereference if hci_register_dev() fails.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于hci_ldisc中错误处理不当,未在调用hu->proto->close()前清除HCI_UART_PROTO_INIT标志,可能导致UART数据在资源释放后访问协议接收处理器,造成空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux a40f94f7caa8d3421b64f63ac31bc0f24c890f39 ~ ebb39b2d81731b83ee71a1ba6dd0291a57b5ac07 -
LinuxLinux 6.15 -

II. Public POCs for CVE-2026-53073

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53073

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53073 (8)

Same Patch Batch · Linux · 2026-06-24 · 219 CVEs total

CVE-2026-529869.8 CRITICALnetfilter: nf_conntrack_sip: don't use simple_strtoul
CVE-2026-530469.8 CRITICALksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
CVE-2026-529559.8 CRITICALlibceph: Fix potential out-of-bounds access in crush_decode()
CVE-2026-530459.8 CRITICALmemory: tegra124-emc: Fix dll_change check
CVE-2026-530499.8 CRITICALgfs2: add some missing log locking
CVE-2026-530109.8 CRITICALksmbd: fix use-after-free in smb2_open during durable reconnect
CVE-2026-530889.8 CRITICALnet: bcmgenet: fix off-by-one in bcmgenet_put_txcb
CVE-2026-530069.8 CRITICALipv6: fix possible UAF in icmpv6_rcv()
CVE-2026-529829.8 CRITICALnet: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
CVE-2026-530029.8 CRITICALnetfilter: conntrack: remove sprintf usage
CVE-2026-530869.8 CRITICALnet: bcmgenet: fix racing timeout handler
CVE-2026-529149.8 CRITICALbatman-adv: fix fragment reassembly length accounting
CVE-2026-529939.8 CRITICALtipc: fix double-free in tipc_buf_append()
CVE-2026-529319.8 CRITICALbatman-adv: tp_meter: avoid use of uninit sender vars
CVE-2026-530559.8 CRITICALcrypto: hisilicon/sec2 - prevent req used-after-free for sec
CVE-2026-529249.8 CRITICALsctp: purge outqueue on stale COOKIE-ECHO handling
CVE-2026-529899.8 CRITICALnvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
CVE-2026-529999.1 CRITICALnetfilter: nfnetlink_osf: fix out-of-bounds read on option matching
CVE-2026-529589.1 CRITICALlibceph: Fix potential out-of-bounds access in osdmap_decode()
CVE-2026-530439.1 CRITICALocfs2/dlm: validate qr_numregions in dlm_match_regions()

Showing top 20 of 219 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53073

No comments yet


Leave a comment