CVE-2023-0266

Updated: 2023-11-04 20:43:45.797312

Description:

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Known exploits

Added Date Description Due Date Notes
2023-03-30 Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. 2023-04-20 https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-01-18 10:10:47
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Already Fixed 2024-01-29 08:42:41
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:45
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1690287378 2023-07-25 09:13:35
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1690294029 2023-07-25 11:09:20
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:45
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:45
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2023:1680538313 2023-04-03 14:06:17
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Not Vulnerable 2023-04-21 03:20:58
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released 2023-08-31 03:20:52