{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Bluetooth: Fix potential use-after-free when clear keys",
    "id" : "2396419",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396419"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: Fix potential use-after-free when clear keys\nSimilar to commit c5d2b6fa26b5 (\"Bluetooth: Fix use-after-free in\nhci_remove_ltk/hci_remove_irk\"). We can not access k after kfree_rcu()\ncall." ],
  "statement" : "A use-after-free bug was identified in the Bluetooth stack when clearing link and security keys. The code iterated with list_for_each_entry() and freed items with kfree_rcu(), allowing access to freed memory.\nA local user with Bluetooth administration privileges (e.g. able to unpair devices, reset the adapter or manage stored keys) can reliably trigger this bug, causing use-after-free and likely DoS/kernel crash. And the confidential data leakage from freed memory is theoretically possible. Triggering this remotely is difficult — an unauthenticated/unknown device generally cannot force the kernel to clear those local key lists — and would realistically require a device that is already paired/authenticated (or otherwise an exploit chain) to influence the same code paths.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-10-27T00:00:00Z",
    "advisory" : "RHSA-2025:19103",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.81.1.rt7.422.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-10-27T00:00:00Z",
    "advisory" : "RHSA-2025:19102",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.81.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22072",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.120.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22072",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.120.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21091",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.153.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21136",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.153.1.rt21.225.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21051",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.146.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21128",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.146.1.rt14.431.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53386\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53386\nhttps://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53386-8ab2@gregkh/T" ],
  "name" : "CVE-2023-53386",
  "mitigation" : {
    "value" : "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the customer portal at https://access.redhat.com/solutions/2682931.\nAlternatively, bluetooth can be disabled within the hardware or at the BIOS level, which will also provide effective mitigation as the kernel will not detect Bluetooth hardware on the system.",
    "lang" : "en:us"
  },
  "csaw" : false
}