CVE-2023-0266
CVSS v3.1: 7.8 (High)
EPSS: 0.08 % (36th)
Affected Products: 1
Advisories: 58
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
Weaknesses
- CWE-416: Use After Free
- CVE Status: PUBLISHED
- CNA: Google Inc.
- Published Date: 2023-01-30 14:15:10 (19 months ago)
- Updated Date: 2023-08-29 17:59:37 (12 months ago)
Linux Kernel Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description: Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
- Required Action: Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns: Unknown
- Notes: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266
- Vendor: Linux
- Product: Kernel
- In CISA Catalog from: 2023-03-30 (17 months ago)
- Due Date: 2023-04-20 (17 months ago)