Missing Release of Resource after Effective Lifetime Affecting perf package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-PERF-17973752
  • published15 Jul 2026
  • disclosed13 Jul 2026

Introduced: 13 Jul 2026

NewCVE-2026-53364  (opens in a new tab)
CWE-772  (opens in a new tab)

How to fix?

There is no fixed version for Centos:10 perf.

NVD Description

Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate()

hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 without freeing it when neither pa_sync_term nor big_sync_term flags are set after evaluating the PA and BIG sync connection state.

This early-return path was introduced when hci_le_big_terminate() was refactored to take struct hci_conn instead of raw u8 parameters, adding PA/BIG flag evaluation logic. The existing kfree() on hci_cmd_sync_queue failure does not cover this path.

CVSS Base Scores

version 3.1