PT-2023-1003 · Linux+10 · Linux Kernel+10

Clement Lecigne

·

Published

2023-01-13

·

Updated

2025-09-15

·

CVE-2023-0266

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. The issue is related to missing locks in SNDRV CTL IOCTL ELEM {READ|WRITE}32 that can be used in a use-after-free, resulting in a privilege escalation to gain ring0 access from the system user. The vulnerability can be exploited to cause a denial of service and gain unauthorized access to protected information. It has been found exploited in the wild, affecting Linux systems.
Recommendations To resolve the issue, upgrade past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. As a temporary workaround, consider restricting access to the vulnerable SNDRV CTL IOCTL ELEM {READ|WRITE}32 API endpoint to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:1469
ALSA-2023:1470
ALSA-2023:1566
ALSA-2023:1584
ALT-PU-2023-1066
ALT-PU-2023-1224
ALT-PU-2023-1434
ALT-PU-2023-1539
ALT-PU-2023-7007
ALT-PU-2023-7682
ALT-PU-2024-4263
ALT-PU-2024-4843
ASB-A-265303544
AZL-13190
AZL-13229
BDU:2023-00382
CESA-2023_1566
CESA-2023_1584
CESA-2023_1659
CVE-2023-0266
DLA-3349-1
DLA-3403-1
DSA-5324-1
MGASA-2023-0007
MGASA-2023-0008
OESA-2023-1198
OESA-2023-1199
OESA-2023-1200
OESA-2023-1201
OPENSUSE-SU-2023_0152-1
OPENSUSE-SU-2023_0394-1
OPENSUSE-SU-2023_0433-1
OPENSUSE-SU-2023_0488-1
RHSA-2023:1202
RHSA-2023:1203
RHSA-2023:1435
RHSA-2023:1469
RHSA-2023:1470
RHSA-2023:1471
RHSA-2023:1554
RHSA-2023:1556
RHSA-2023:1557
RHSA-2023:1559
RHSA-2023:1560
RHSA-2023:1566
RHSA-2023:1584
RHSA-2023:1588
RHSA-2023:1590
RHSA-2023:1659
RHSA-2023:1660
RHSA-2023:1662
RHSA-2023:1666
RHSA-2023:1677
RHSA-2023_1469
RHSA-2023_1470
RHSA-2023_1566
RHSA-2023_1584
RLSA-2023:1469
RLSA-2023:1470
RLSA-2023:1566
RLSA-2023:1584
RXSA-2023:1566
SUSE-SU-2023:0152-1
SUSE-SU-2023:0394-1
SUSE-SU-2023:0406-1
SUSE-SU-2023:0433-1
SUSE-SU-2023:0485-1
SUSE-SU-2023:0488-1
SUSE-SU-2023:0618-1
SUSE-SU-2023:0634-1
SUSE-SU-2023:0779-1
SUSE-SU-2023:1576-1
SUSE-SU-2023:1591-1
SUSE-SU-2023:1592-1
SUSE-SU-2023:1595-1
SUSE-SU-2023:1602-1
SUSE-SU-2023:1619-1
SUSE-SU-2023:1639-1
SUSE-SU-2023:1640-1
SUSE-SU-2023:1647-1
SUSE-SU-2023:1649-1
SUSE-SU-2023:1653-1
SUSE-SU-2023:1708-1
USN-5915-1
USN-5917-1
USN-5924-1
USN-5927-1
USN-5934-1
USN-5939-1
USN-5940-1
USN-5951-1
USN-5970-1
USN-5975-1
USN-5979-1
USN-5981-1
USN-5982-1
USN-5984-1
USN-5987-1
USN-5991-1
USN-6000-1
USN-6004-1
USN-6009-1
USN-6030-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu