PT-2026-51967 · Linux · Linux

Published 2026-06-24 · Updated 2026-06-24 · CVE-2026-53073

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error
When hci_register_dev() fails in hci_uart_register_dev(), HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu) and setting hu->hdev to NULL. This means incoming UART data will reach the protocol-specific recv handler in hci_uart_tty_receive() after resources are freed.
Clear HCI_UART_PROTO_INIT with a write lock before calling hu->proto->close() and setting hu->hdev to NULL. The write lock ensures all active readers have completed and no new reader can enter the protocol recv path before resources are freed.
This allows the protocol-specific recv functions to remove the "HCI_UART_REGISTERED" guard without risking a null pointer dereference if hci_register_dev() fails.

Related Identifiers

CVE-2026-53073

Affected Products

Linux