CVE-2026-53073

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error

When hci_register_dev() fails in hci_uart_register_dev() HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu) and setting hu->hdev to NULL. This means incoming UART data will reach the protocol-specific recv handler in hci_uart_tty_receive() after resources are freed.

Clear HCI_UART_PROTO_INIT with a write lock before calling hu->proto->close() and setting hu->hdev to NULL. The write lock ensures all active readers have completed and no new reader can enter the protocol recv path before resources are freed.

This allows the protocol-specific recv functions to remove the "HCI_UART_REGISTERED" guard without risking a null pointer dereference if hci_register_dev() fails.

Package: Linux Kernel
Published: 2026-06-24
Last modified: 2026-06-24
Patch available: Yes

Affected versions

Linux kernel versions 5.10.237, 5.15.181, 6.1.135, 6.6.88, 6.12.24, 5.4.293, 6.13.12, 6.14.3, 6.15 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from

  • ≥ 5.10.237
  • ≥ 5.15.181
  • ≥ 6.1.135
  • ≥ 6.6.88
  • ≥ 6.12.24
  • ≥ 5.4.293
  • ≥ 6.13.12
  • ≥ 6.14.3
  • ≥ 6.15

Fixed in

  • 5.10.258 (5.10.x)
  • 5.15.209 (5.15.x)
  • 6.1.175 (6.1.x)
  • 6.6.141 (6.6.x)
  • 6.12.91 (6.12.x)
  • 6.18.33 (6.18.x)
  • 7.0.10 (7.0.x)
  • 7.1

Frequently asked questions

  • What is CVE-2026-53073?

    CVE-2026-53073 is a Linux kernel vulnerability whose severity is unscored. It affects Linux kernel versions from 5.10.237 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-53073 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-53073?

    Yes — CVE-2026-53073 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 5.10.237 or later, up to but not including the fixed version for your branch, apply the relevant patch for your kernel branch.

  • Is CVE-2026-53073 actively exploited?

    No — CVE-2026-53073 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.