Linux Kernel Use-After-Free Vulnerability
Summary
| CVE | CVE-2023-0266 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-30 14:15:00 UTC |
| Updated | 2023-08-29 17:59:00 UTC |
| Description | A use-after-free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. |
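The description names the defect only as missing locks around the compat read/write ioctls. The following is an added example, not kernel code and not the fix itself: a user-space model of the locking pattern that commit 56b88b5 changes. The control list, the two counters standing in for card->controls_rwsem, the race_window() hook and the ERR_UAF status code are all hypothetical stand-ins chosen for this model. It shows why taking the lock in one caller (the native ioctl path) but not the other (the compat path) leaves a lookup-then-use window, and why moving the lock inside the shared helper closes that window for every entry point at once.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* ERR_NOENT mirrors -ENOENT; ERR_UAF exists only in this model and is returned where
 * the kernel would instead touch freed memory. */
enum { OK = 0, ERR_NOENT = -2, ERR_UAF = -1000 };

struct kctl { int id, value; bool freed; struct kctl *next; }; /* ~ snd_kcontrol; freed stands in for kfree() */

struct card {                  /* ~ snd_card */
    int readers, writer;       /* counters standing in for card->controls_rwsem */
    struct kctl *controls;     /* live controls */
    struct kctl *graveyard;    /* removed controls, kept only so they can be freed at exit */
    int remove_on_race;        /* id a "concurrent" thread removes inside the race window, 0 = none */
};

static void down_read(struct card *c) { c->readers++; }
static void up_read(struct card *c)   { c->readers--; }
static void up_write(struct card *c)  { c->writer = 0; }
/* Fails while any reader holds the rwsem, exactly what protects the native path below. */
static bool try_down_write(struct card *c) { if (c->readers || c->writer) return false; c->writer = 1; return true; }

static void card_add(struct card *c, int id, int value) {
    struct kctl *k = calloc(1, sizeof *k);
    if (!k) abort();
    k->id = id; k->value = value; k->next = c->controls; c->controls = k;
}

static bool card_remove(struct card *c, int id) {  /* ~ snd_ctl_remove(): unlink under the write side, then "kfree" */
    if (!try_down_write(c)) return false;
    for (struct kctl **pp = &c->controls; *pp; pp = &(*pp)->next)
        if ((*pp)->id == id) {
            struct kctl *k = *pp;
            *pp = k->next;
            k->freed = true; k->next = c->graveyard; c->graveyard = k;
            break;
        }
    up_write(c);
    return true;
}

static struct kctl *find_id(struct card *c, int id) {  /* ~ snd_ctl_find_id(): result valid only under the rwsem */
    for (struct kctl *k = c->controls; k; k = k->next)
        if (k->id == id) return k;
    return NULL;
}

static void race_window(struct card *c) {  /* deterministic stand-in for the interleaving between lookup and use */
    if (c->remove_on_race) card_remove(c, c->remove_on_race);
}

/* snd_ctl_elem_read() before the fix: lookup, then use, trusting the caller to hold the lock. */
static int elem_read_unlocked(struct card *c, int id, int *out) {
    struct kctl *k = find_id(c, id);
    if (!k) return ERR_NOENT;
    race_window(c);
    if (k->freed) return ERR_UAF;  /* in the kernel this is the use-after-free */
    *out = k->value;
    return OK;
}

/* Native ioctl path (snd_ctl_elem_read_user) before the fix: took the rwsem around the helper. */
static int native_read_before_fix(struct card *c, int id, int *out) {
    down_read(c); int r = elem_read_unlocked(c, id, out); up_read(c);
    return r;
}

/* Compat path (SNDRV_CTL_IOCTL_ELEM_READ32) before the fix: same helper, no lock at all. */
static int compat_read_before_fix(struct card *c, int id, int *out) {
    return elem_read_unlocked(c, id, out);
}

/* After commit 56b88b5: the rwsem is taken inside the helper, so every entry path is covered
 * and neither caller locks on its own any more. */
static int elem_read_fixed(struct card *c, int id, int *out) {
    down_read(c); int r = elem_read_unlocked(c, id, out); up_read(c);
    return r;
}
static int native_read_after_fix(struct card *c, int id, int *out) { return elem_read_fixed(c, id, out); }
static int compat_read_after_fix(struct card *c, int id, int *out) { return elem_read_fixed(c, id, out); }

static void card_destroy(struct card *c) {
    for (struct kctl *k = c->controls, *n; k; k = n) { n = k->next; free(k); }
    for (struct kctl *k = c->graveyard, *n; k; k = n) { n = k->next; free(k); }
}

/* One scenario: control 7 (value 42) exists and a concurrent remover targets it while the
 * caller reads `id`. Returns the value read, or a negative status code. */
static int run(int (*read_fn)(struct card *, int, int *), int id) {
    struct card c = {0}; int v = 0;
    card_add(&c, 7, 42); c.remove_on_race = 7;
    int r = read_fn(&c, id, &v);
    card_destroy(&c);
    return r == OK ? v : r;
}

int main(void) {
    printf("compat read, before fix: %d  after fix: %d\n",
           run(compat_read_before_fix, 7), run(compat_read_after_fix, 7));  /* -1000 then 42 */
    return 0;
}
```

Build with `cc -std=c11 -Wall uaf_model.c` (the file name is assumed). Two things the model flattens: in the kernel the window is a scheduler interleaving rather than a hook, so the stale access hits real kfree()d memory that the attacker shapes instead of returning a clean status; and the vulnerable entry point is the 32-bit compat ioctl on the ALSA control device, so when triaging a host, check which users can open /dev/snd/controlC* and whether 32-bit compat is enabled rather than relying on the kernel version string alone, since distribution kernels backport the fix without changing the upstream version number.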
Risk And Classification
EPSS: 0.000970000 probability, percentile 0.268820000 (date 2026-04-01)
CISA KEV: Listed on 2023-03-30; due 2023-04-20; ransomware use Unknown
Problem Types: CWE-416
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel Use-After-Free Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | 6.2 | rc1 | All | All |
| Operating System | Linux | Linux Kernel | 6.2 | rc2 | All | All |
| Operating System | Linux | Linux Kernel | 6.2 | rc3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ALSA: control: code refactoring for ELEM_READ/ELEM_WRITE operations · torvalds/linux@becf9e5 · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3403-1] linux security update | MISC | lists.debian.org | |
| alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch « queue-5.10 - kernel/git/stable/stable-queue.git - Linux kernel stable patch queue | MISC | git.kernel.org | |
| ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF · torvalds/linux@56b88b5 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160505 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12196)
- 160524 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-1470)
- 160537 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-1566)
- 181491 Debian Security Update for linux (DSA 5324-1)
- 181618 Debian Security Update for linux-5.10 (DLA 3349-1)
- 181768 Debian Security Update for linux (DLA 3403-1)
- 182961 Debian Security Update for linux (CVE-2023-0266)
- 199208 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5915-1)
- 199212 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5917-1)
- 199218 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5927-1)
- 199224 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5934-1)
- 199226 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5939-1)
- 199230 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5940-1)
- 199239 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5951-1)
- 199251 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5970-1)
- 199258 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5979-1)
- 199260 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5982-1)
- 199261 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5984-1)
- 199265 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5987-1)
- 199267 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5991-1)
- 199276 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6000-1)
- 199280 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6004-1)
- 199300 Ubuntu Security Notification for Linux kernel (Qualcomm Snapdragon) Vulnerabilities (USN-6030-1)
- 199502 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5975-1)
- 199541 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5924-1)
- 199570 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5981-1)
- 199587 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6009-1)
- 241258 Red Hat Update for kernel security (RHSA-2023:1202)
- 241260 Red Hat Update for kernel-rt (RHSA-2023:1203)
- 241290 Red Hat Update for kpatch-patch (RHSA-2023:1435)
- 241293 Red Hat Update for kpatch-patch (RHSA-2023:1471)
- 241295 Red Hat Update for kernel-rt (RHSA-2023:1469)
- 241298 Red Hat Update for kernel security (RHSA-2023:1470)
- 241305 Red Hat Update for kernel security (RHSA-2023:1554)
- 241308 Red Hat Update for kernel-rt (RHSA-2023:1556)
- 241310 Red Hat Update for kernel-rt (RHSA-2023:1584)
- 241315 Red Hat Update for kernel (RHSA-2023:1557)
- 241316 Red Hat Update for kernel-rt (RHSA-2023:1560)
- 241324 Red Hat Update for kernel security (RHSA-2023:1566)
- 241327 Red Hat Update for kpatch-patch (RHSA-2023:1662)
- 241328 Red Hat Update for kpatch-patch (RHSA-2023:1659)
- 241329 Red Hat Update for kpatch-patch (RHSA-2023:1660)
- 241604 Red Hat Update for kernel (RHSA-2023:1588)
- 241606 Red Hat Update for kpatch-patch (RHSA-2023:1590)
- 241646 Red Hat Update for kernel (RHSA-2023:1559)
- 241674 Red Hat Update for kpatch-patch (RHSA-2023:1666)
- 378468 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)
- 378473 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0021)
- 378512 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)
- 610481 Google Android Devices May 2023 Security Patch Missing
- 610482 Google Pixel Android April 2023 Security Patch Missing
- 610485 Google Android May 2023 Security Patch Missing for Samsung
- 610487 Google Android May 2023 Security Patch Missing for Huawei EMUI
- 610493 Google Android June 2023 Security Patch Missing for Samsung
- 673117 EulerOS Security Update for kernel (EulerOS-SA-2023-2152)
- 753583 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0152-1)
- 753684 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0394-1)
- 753688 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0406-1)
- 753709 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0433-1)
- 753743 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0618-1)
- 753745 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0634-1)
- 755900 SUSE Enterprise Linux Security Update for the Linux-RT Kernel (SUSE-SU-2023:0488-1)
- 905357 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (13156)
- 905373 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (13190)
- 905387 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13223)
- 905397 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13229)
- 905539 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (13190-1)
- 905948 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13223-2)
- 906114 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (13156-2)
- 906385 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13229-2)
- 906594 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (13156-4)
- 906597 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13223-4)
- 940966 AlmaLinux Security Update for kernel (ALSA-2023:1470)
- 940967 AlmaLinux Security Update for kernel-rt (ALSA-2023:1469)
- 940970 AlmaLinux Security Update for kernel (ALSA-2023:1566)
- 940974 AlmaLinux Security Update for kernel-rt (ALSA-2023:1584)
- 960891 Rocky Linux Security Update for kernel-rt (RLSA-2023:1469)
- 960896 Rocky Linux Security Update for kernel (RLSA-2023:1470)
- 960903 Rocky Linux Security Update for kernel (RLSA-2023:1566)
- 960918 Rocky Linux Security Update for kernel-rt (RLSA-2023:1584)