diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6643c9c20fa4..5b83473d51b5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6795,8 +6795,16 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
 	if (!ev->status) {
 		conn->state = BT_CONNECTED;
-		hci_debugfs_create_conn(conn);
-		hci_conn_add_sysfs(conn);
+
+		/* Only ISO_LINK link type need to register connection device
+		 * here, others will register in their relative
+		 * Connection Complete events
+		 */
+		if (conn->type == ISO_LINK) {
+			hci_debugfs_create_conn(conn);
+			hci_conn_add_sysfs(conn);
+		}
+
 		hci_iso_setup_path(conn);
 		goto unlock;
 	}
@@ -6901,8 +6909,16 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
 	if (!ev->status) {
 		conn->state = BT_CONNECTED;
-		hci_debugfs_create_conn(conn);
-		hci_conn_add_sysfs(conn);
+
+		/* Only ISO_LINK link type need to register connection device
+		 * here, others will register in their relative
+		 * Connection Complete events
+		 */
+		if (conn->type == ISO_LINK) {
+			hci_debugfs_create_conn(conn);
+			hci_conn_add_sysfs(conn);
+		}
+
 		hci_iso_setup_path(conn);
 		goto unlock;
 	}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5b83473d51b5..f6b62cfcf082 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6794,6 +6794,14 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
 	}
 	if (!ev->status) {
+		/* The HCI_LE_CIS_Estabilished event is only sent once per connection.
+		 * Processing it more than once per connection can corrupt kernel memory.
+		 *
+		 * As the connection state is set here for the first time, it indicates
+		 * whether the connection is already set up.
+		 */
+		if (conn->state == BT_CONNECTED)
+			goto unlock;
 		conn->state = BT_CONNECTED;
 		/* Only ISO_LINK link type need to register connection device
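Review bot: The comment added above the new `if (conn->type == ISO_LINK)` check in hci_le_cis_estabilished_evt is hard to parse ("link type need", "relative"); suggest `/* Only ISO_LINK connections register their device here; other link types do so in their respective Connection Complete handlers. */`. The same comment and guarded block are added verbatim to hci_le_create_big_complete_evt in the next hunk, so a small static helper wrapping the type check plus the two registration calls would keep the two handlers from drifting apart. It is also worth a sentence in the comment that `conn->state = BT_CONNECTED` and `hci_iso_setup_path(conn)` still run for every link type reaching this branch, since the guard deliberately covers only the sysfs/debugfs registration; if non-ISO links are not expected here at all, the comment should say so instead. The enclosing functions start and end outside both hunks.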
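Review bot: The duplicate-event guard `if (conn->state == BT_CONNECTED) goto unlock;` is placed inside the `if (!ev->status)` branch rather than right after the connection lookup, so any field the handler copies from the event before this point is still overwritten by a repeated event; in the hci_le_create_big_complete_evt hunk that follows this is visible, as `conn->handle = __le16_to_cpu(ev->bis_handle[0]);` runs before the guard and a second event carrying a different handle would rewrite it on an already-connected conn. Moving the check to the top of both handlers, or additionally verifying that the handle in the event matches `conn->handle`, would close that window; the same applies to whatever hci_le_cis_estabilished_evt assigns from `ev` above this hunk, which is outside the visible lines. A duplicate event with a non-zero status also bypasses the guard entirely and falls through to the failure path, which should be confirmed to be harmless for a connection that is already in BT_CONNECTED. Minor: the new comment spells "Estabilished" as the function name does; the prose should read "Established".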
@@ -6908,6 +6916,14 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
 	conn->handle = __le16_to_cpu(ev->bis_handle[0]);
 	if (!ev->status) {
+		/* The HCI_LE_Create_BIG_Complete event is only sent once per connection.
+		 * Processing it more than once per connection can corrupt kernel memory.
+		 *
+		 * As the connection state is set here for the first time, it indicates
+		 * whether the connection is already set up.
+		 */
+		if (conn->state == BT_CONNECTED)
+			goto unlock;
 		conn->state = BT_CONNECTED;
 		/* Only ISO_LINK link type need to register connection device