CVE-2023-0266

HIGH CISA KEV
Published Jan 30, 20233y ago · Modified Jun 17, 20262w ago
7.0 CVSS 3.1
High
Find Similar
Published Jan 30, 2023 3y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Mar 30, 2023 3y ago
KEV Due Apr 20, 2023 1172d overdue

Description

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 1172d
Added
Mar 30, 2023
Due
Apr 20, 2023

Apply updates per vendor instructions.

Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 7

VendorProductVersionRange
debiandebian_linux10.0any
linuxlinux_kernel*≥4.14  –  <4.14.303
linuxlinux_kernel*≥4.15  –  <4.19.270
linuxlinux_kernel*≥4.20  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.163
linuxlinux_kernel*≥5.11  –  <5.15.88
linuxlinux_kernel*≥5.16  –  <6.1.6

References 5

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
    Mailing ListPatchVendor Advisory
  • github.com https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e
    Patch
  • github.com https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
    Mailing ListThird Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0266
    US Government Resource

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
    Mailing ListPatchVendor Advisory
  • github.com https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e
    Patch
  • github.com https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1
    Patch