CVE-2023-0266

Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel

CVSS 7.9 HIGH · EPSS 3.7% · KEV · CWE-416

In short

A memory vulnerability in the Linux Kernel's ALSA audio system allows an attacker with basic user privileges to access and modify memory that has already been freed, potentially gaining full system control (root access).

Technical detail

The SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 ioctl handlers lack proper synchronization, so a local unprivileged user can trigger a race condition and access freed kernel memory (use-after-free). Successful exploitation leads to arbitrary code execution with kernel privileges (ring0), enabling privilege escalation from user to root.

Summary generated and translated by AI from the official description.
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
Affected products
Linux · Linux Kernel