{"api_version":"1","generated_at":"2026-05-06T03:48:48+00:00","cve":"CVE-2026-43069","urls":{"html":"https://cve.report/CVE-2026-43069","api":"https://cve.report/api/cve/CVE-2026-43069.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43069","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43069"},"summary":{"title":"Bluetooth: hci_ll: Fix firmware leak on error path","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n'fw' from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() succeeds but the returned\nfirmware content is invalid (no data or zero size), the function returns\nwithout releasing the firmware, resulting in a resource leak.\n\nFix this by calling release_firmware() before returning when\nrequest_firmware() succeeded but the firmware content is invalid.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-05 16:16:16","updated_at":"2026-05-05 16:16:16"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973","name":"https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17","name":"https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b","name":"https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa","name":"https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86","name":"https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213","name":"https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a","name":"https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b","name":"https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43069","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43069","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c 95e8601af227b2b4390eecf8db6abdb9f6a91f17 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c e6d95488c8c964d1df0d3e1db44c958706311e86 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c b2dfbf1b5ff192cefd49574b951a4af9ddd32213 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c 28904375d54b436a757641fb0331537778c0de5a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c 5213ef54528dd1ac79b846e30d8f72ce092794aa git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c 9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c a7803df606a7d22e896b030f619e1d9d20ae0c6b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 371805522f870986144fcd88727a47858e364a2c 31148a7be723aa9f2e8fbd62424825ab8d577973 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.168 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.131 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.80 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.21 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.11 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/bluetooth/hci_ll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"95e8601af227b2b4390eecf8db6abdb9f6a91f17","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"e6d95488c8c964d1df0d3e1db44c958706311e86","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"b2dfbf1b5ff192cefd49574b951a4af9ddd32213","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"28904375d54b436a757641fb0331537778c0de5a","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"5213ef54528dd1ac79b846e30d8f72ce092794aa","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"a7803df606a7d22e896b030f619e1d9d20ae0c6b","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"},{"lessThan":"31148a7be723aa9f2e8fbd62424825ab8d577973","status":"affected","version":"371805522f870986144fcd88727a47858e364a2c","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/bluetooth/hci_ll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.12"},{"lessThan":"4.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.168","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.131","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.80","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.21","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.11","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.168","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.131","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.80","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.21","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.11","versionStartIncluding":"4.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"4.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n'fw' from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() succeeds but the returned\nfirmware content is invalid (no data or zero size), the function returns\nwithout releasing the firmware, resulting in a resource leak.\n\nFix this by calling release_firmware() before returning when\nrequest_firmware() succeeded but the firmware content is invalid."}],"providerMetadata":{"dateUpdated":"2026-05-05T15:23:28.120Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17"},{"url":"https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86"},{"url":"https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213"},{"url":"https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a"},{"url":"https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa"},{"url":"https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b"},{"url":"https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b"},{"url":"https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973"}],"title":"Bluetooth: hci_ll: Fix firmware leak on error path","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43069","datePublished":"2026-05-05T15:23:28.120Z","dateReserved":"2026-05-01T14:12:55.982Z","dateUpdated":"2026-05-05T15:23:28.120Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-05 16:16:16","lastModifiedDate":"2026-05-05 16:16:16","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43069","Ordinal":"1","Title":"Bluetooth: hci_ll: Fix firmware leak on error path","CVE":"CVE-2026-43069","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43069","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n'fw' from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() succeeds but the returned\nfirmware content is invalid (no data or zero size), the function returns\nwithout releasing the firmware, resulting in a resource leak.\n\nFix this by calling release_firmware() before returning when\nrequest_firmware() succeeded but the firmware content is invalid.","Type":"Description","Title":"Bluetooth: hci_ll: Fix firmware leak on error path"}]}}}