Updated: 2024-11-23 05:53:06.981666
Description:
A use-after-free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | | 0 |
CVSS Version 3.x | HIGH | 7.8 |
Added Date | Description | Due Date | Notes |
---|---|---|---|
2023-03-30 | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. | 2023-04-20 | https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | | 2024-01-18 10:10:47 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Already Fixed | | 2024-01-29 08:42:41 | |
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:49:45 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2023:1690287378 | 2023-07-25 09:13:35 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2023:1690294029 | 2023-07-25 11:09:20 | |
CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2024-06-09 14:20:58 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:49:45 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:49:45 | |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2023:1680538313 | 2023-04-03 14:06:17 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Not Vulnerable | | 2023-04-21 03:20:58 | |