Impact
A failure in the Bluetooth HCI UART initialization path in the Linux kernel can cause the SRCU structure allocated by hci_alloc_dev() not to be cleaned up when bt_host_release() is invoked before hci_register_dev() succeeds. The missing cleanup leaves per‑CPU memory allocated, which steadily accumulates as the device is repeatedly attempted to be provisioned and fails. This improper release of resources (CWE‑911) can result in kernel memory exhaustion, ultimately bringing the system to a denial‑of‑service state.
Affected Systems
All Linux kernel builds that include the Bluetooth subsystem prior to the fix commit are affected. The vulnerability exists in every distribution that ships the unsupported kernel version; any vendor using a kernel older than the applied patch is at risk.
Risk and Exploitability
The CVSS score of 5.5 indicates a medium severity, the EPSS score of < 1% suggests a low vulnerability is not listed in CISA KEV. The likely attack vector is local or privileged access required to force repeated HCI device initialization failures. The primary impact is memory exhaustion rather than confidentiality or integrity compromise.
OpenCVE Enrichment
Debian DLA