{"id":"CVE-2026-43069","summary":"Bluetooth: hci_ll: Fix firmware leak on error path","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n'fw' from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() succeeds but the returned\nfirmware content is invalid (no data or zero size), the function returns\nwithout releasing the firmware, resulting in a resource leak.\n\nFix this by calling release_firmware() before returning when\nrequest_firmware() succeeded but the firmware content is invalid.","modified":"2026-07-15T01:49:17.902883939Z","published":"2026-05-05T15:23:28.120Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43069.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43069.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43069"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"371805522f870986144fcd88727a47858e364a2c"},{"fixed":"95e8601af227b2b4390eecf8db6abdb9f6a91f17"},{"fixed":"e6d95488c8c964d1df0d3e1db44c958706311e86"},{"fixed":"b2dfbf1b5ff192cefd49574b951a4af9ddd32213"},{"fixed":"28904375d54b436a757641fb0331537778c0de5a"},{"fixed":"5213ef54528dd1ac79b846e30d8f72ce092794aa"},{"fixed":"9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b"},{"fixed":"a7803df606a7d22e896b030f619e1d9d20ae0c6b"},{"fixed":"31148a7be723aa9f2e8fbd62424825ab8d577973"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43069.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.12.0"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.131"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.80"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.21"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43069.json"}}],"schema_version":"1.7.5"}