CVE-2023-53484: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53484 is a vulnerability in the Linux kernel that was discovered and disclosed on October 1, 2025. The vulnerability affects the CPU rmap functionality in the Linux kernel's lib subsystem. It involves a potential use-after-free condition when handling the rmap->obj array entries (Ubuntu Security, NVD).

The vulnerability occurs when calling irq_set_affinity_notifier() with NULL as the notify argument, which causes the freeing of the glue pointer in the corresponding array entry but leaves the pointer in the array. A subsequent call to free_irq_cpu_rmap() attempts to free this entry again, leading to a potential use-after-free condition. The issue requires setting NULL to the array entry and implementing checks for non-zero values at the array entry when iterating over the array in free_irq_cpu_rmap() (NVD).

While the current code base does not actively suffer from this vulnerability since there are no cases where irq_set_affinity_notifier(irq, NULL) is called followed by a call to free_irq_cpu_rmap(), the potential for exploitation exists in subsequent patches that exercise this flow (Ubuntu Security).

Multiple Linux distributions have released fixes for this vulnerability. Ubuntu has implemented fixes in various kernel versions, including linux-hwe-5.15 (5.15.0-83.92~20.04.1), linux-azure-5.15 (5.15.0-1046.53~20.04.1), and linux-gcp-5.15 (5.15.0-1041.49~20.04.1) (Ubuntu Security).