CVE-2023-53386: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53386 is a vulnerability discovered in the Linux kernel's Bluetooth subsystem, specifically related to a potential use-after-free condition when clearing keys. The issue was identified and disclosed on September 18, 2025, and is similar to a previously fixed vulnerability (commit c5d2b6fa26b5) involving use-after-free in hciremoveltk/hciremoveirk functions (NVD).

The vulnerability stems from improper memory handling in the Bluetooth subsystem where a key object ('k') is accessed after being freed through kfree_rcu() call. This creates a use-after-free condition that could potentially lead to memory corruption (NVD).

The vulnerability affects various Linux kernel versions across different distributions and platforms, including Ubuntu's linux-hwe-5.15, linux-azure, linux-gcp, and other kernel variants. Multiple Ubuntu releases have received fixes, particularly version 5.15.0-94.104~20.04.1 for various kernel flavors (Ubuntu).

Fixes have been released for multiple Linux kernel versions and distributions. Ubuntu has released patches for various kernel flavors, including linux-hwe-5.15 (5.15.0-94.104~20.04.1), linux-azure (5.15.0-1056.64), linux-gcp (5.15.0-1051.57~20.04.1), and other variants. Users are advised to update their systems to the patched versions (Ubuntu).