CVE-2023-0266

Advisory lineage Upstream: 0 Downstream: 67

Downstream

DEBIAN-CVE-2023-0266 DLA-3349-1 DLA-3403-1 DSA-5324-1 MGASA-2023-0007 MGASA-2023-0008

Analyzed

Published: 30 Jan 2023, 13:09

Last modified:21 Oct 2025, 23:15

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

7.9 HIGH

v3.1 (cve.org)

EPSS Score

0.18% LOW

0% probability +0.09%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Jan 2023, 13:09

Published

Vulnerability first disclosed

30 Mar 2023, 00:00

Added to CISA KEV

Linux Kernel Use-After-Free Vulnerability

20 Apr 2023, 00:00

CISA Remediation Due

Apply updates per vendor instructions.

21 Oct 2025, 23:15

Last Modified

Vulnerability information updated

Description

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

CVSS Metrics

v3.1•HIGH•Score: 7.9CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.18%• Percentile: 39%

Techniques & Countermeasures

CWE-416•Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Affected Systems

debian•debian_linux
10.0
linux•linux_kernel
≥ 4.14, < 4.14.303 | ≥ 4.15, < 4.19.270 | ≥ 4.20, < 5.4.229 | ≥ 5.5, < 5.10.163 | ≥ 5.11, < 5.15.88 | ≥ 5.16, < 6.1.6 | ≥ 4.14, < 56b88b50565cd8b946a2d00b0c83927b7ebb055e