In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error.
https://git.kernel.org/stable/c/9c76fff747a73ba01d1d87ed53dd9c00cb40ba05
https://git.kernel.org/stable/c/4ca50db1c567d658d173c5ef3ee6c52b0b03603c