CVE-2023-0266

Confirmed PUBLISHED

Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel

Linux · Linux Kernel
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.9 High

At a Glance

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

cisa nessus_scanner linux
CVE Published
Jan 30, 2023
Exploitation Reported
Mar 30, 2023
CVSS
7.9 High
EPSS
No user interaction

Affected Versions

Vendor Product Version Status
Linux
Linux Kernel

ALSA pcm

4.14 to < 56b88b50565cd8b946a2d00b0c83927b7ebb055e

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.