{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0266","assignerOrgId":"14ed7db2-1595-443d-9d34-6215bf890778","state":"PUBLISHED","assignerShortName":"Google","dateReserved":"2023-01-13T07:58:13.390Z","datePublished":"2023-01-30T13:09:32.141Z","dateUpdated":"2025-10-21T23:15:27.844Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"ALSA pcm","product":"Linux Kernel","repo":"https://git.kernel.org","vendor":"Linux","versions":[{"lessThan":"56b88b50565cd8b946a2d00b0c83927b7ebb055e","status":"affected","version":"4.14","versionType":"git"}]}],"datePublic":"2023-01-13T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit&nbsp;56b88b50565cd8b946a2d00b0c83927b7ebb055e</span><br>"}],"value":"A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e"}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":7.9,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"14ed7db2-1595-443d-9d34-6215bf890778","shortName":"Google","dateUpdated":"2023-05-03T13:06:14.455Z"},"references":[{"url":"https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4"},{"url":"https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}],"source":{"discovery":"UNKNOWN"},"title":"Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:02:44.150Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1","tags":["x_transferred"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4","tags":["x_transferred"]},{"url":"https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-0266","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-01-29T15:07:49.761602Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2023-03-30","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0266"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0266","tags":["government-resource"]}],"timeline":[{"time":"2023-03-30T00:00:00.000Z","lang":"en","value":"CVE-2023-0266 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:15:27.844Z"}}]}}