CVE-2023-0266
HIGH CISA KEV
Published Jan 30, 2023 (3y ago) · Modified Jun 17, 2026 (2w ago)
7.0 CVSS 3.1
Published Jan 30, 2023 3y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Mar 30, 2023 3y ago
KEV Due Apr 20, 2023 1172d overdue
Description
A use-after-free vulnerability exists in the ALSA PCM package in the Linux kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks, which can be used to trigger a use-after-free that can result in privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
CISA Known Exploited Overdue 1172d
- Added: Mar 30, 2023
- Due: Apr 20, 2023
Apply updates per vendor instructions.
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 7
References 5
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
- github.com https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e
- github.com https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1
- lists.debian.org https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0266
Remediation
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
- github.com https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e
- github.com https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1