fkie_nvd - fkie_cve-2023-53386

fkie_cve-2023-53386

Vulnerability from fkie_nvd

Published

2025-09-18 14:15

Modified

2025-12-11 18:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 ("Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk"). We can not access k after kfree_rcu() call.

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/35cc42f04bc49f0656f6840cb7451b3df6049649	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3673952cf0c6cf81b06c66a0b788abeeb02ff3ae	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/942d8cefb022f384d5424f8b90c7878f3f93726f	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/94617b736c25091b60e514e2e7aeafcbbee6b700	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/da19f35868dfbecfff4f81166c054d2656cb1be4	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e87da6a0ac6e631454e7da53a76aa9fe44aaa5dd	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B703A10E-CA08-449A-92B3-F3BE97B168D1",
              "versionEndExcluding": "5.10.195",
              "versionStartIncluding": "5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5913891D-409A-4EEC-9231-F2EF5A493BC7",
              "versionEndExcluding": "5.15.132",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20754AF-3B8C-4574-A70D-EC24933810E5",
              "versionEndExcluding": "6.1.53",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3039EA3-F6CA-43EF-9F17-81A7EC6841EF",
              "versionEndExcluding": "6.4.16",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "880C803A-BEAE-4DA0-8A59-AC023F7B4EE3",
              "versionEndExcluding": "6.5.3",
              "versionStartIncluding": "6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix potential use-after-free when clear keys\n\nSimilar to commit c5d2b6fa26b5 (\"Bluetooth: Fix use-after-free in\nhci_remove_ltk/hci_remove_irk\"). We can not access k after kfree_rcu()\ncall."
    }
  ],
  "id": "CVE-2023-53386",
  "lastModified": "2025-12-11T18:20:58.587",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-09-18T14:15:41.660",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35cc42f04bc49f0656f6840cb7451b3df6049649"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3673952cf0c6cf81b06c66a0b788abeeb02ff3ae"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/942d8cefb022f384d5424f8b90c7878f3f93726f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/94617b736c25091b60e514e2e7aeafcbbee6b700"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/da19f35868dfbecfff4f81166c054d2656cb1be4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e87da6a0ac6e631454e7da53a76aa9fe44aaa5dd"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-53386 (GCVE-0-2023-53386)

Vulnerability from cvelistv5

Published

2025-09-18 13:33

Modified

2025-09-18 13:33

Severity ?

Summary

References

URL

Tags

	https://git.kernel.org/stable/c/e87da6a0ac6e631454e7da53a76aa9fe44aaa5dd
	https://git.kernel.org/stable/c/942d8cefb022f384d5424f8b90c7878f3f93726f
	https://git.kernel.org/stable/c/94617b736c25091b60e514e2e7aeafcbbee6b700
	https://git.kernel.org/stable/c/da19f35868dfbecfff4f81166c054d2656cb1be4
	https://git.kernel.org/stable/c/35cc42f04bc49f0656f6840cb7451b3df6049649
	https://git.kernel.org/stable/c/3673952cf0c6cf81b06c66a0b788abeeb02ff3ae

Impacted products

Vendor

Product

Version

Linux

Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c
Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c
Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c
Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c
Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c
Version: d7d41682efc25d58b5bd8b80e85e3c9ce586635c

Linux

Version: 5.7

Show details on NVD website