CVE-2026-23151

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: MGMT: Fix memory leak in set_ssp_complete<br /> <br /> Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures<br /> are not freed after being removed from the pending list.<br /> <br /> Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") replaced<br /> mgmt_pending_foreach() calls with individual command handling but missed<br /> adding mgmt_pending_free() calls in both error and success paths of<br /> set_ssp_complete(). Other completion functions like set_le_complete()<br /> were fixed correctly in the same commit.<br /> <br /> This causes a memory leak of the mgmt_pending_cmd structure and its<br /> associated parameter data for each SSP command that completes.<br /> <br /> Add the missing mgmt_pending_free(cmd) calls in both code paths to fix<br /> the memory leak. Also fix the same issue in set_advertising_complete().