CVE-2023-0266

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0266

Aliases

A-265303544
PUB-A-265303544

Downstream

DEBIAN-CVE-2023-0266

DLA-3349-1

DLA-3403-1

DSA-5324-1

OESA-2023-1198

OESA-2023-1199

OESA-2023-1200

OESA-2023-1201

RHSA-2023:1202

RHSA-2023:1203

RHSA-2023:1435

RHSA-2023:1469

RHSA-2023:1470

RHSA-2023:1471

RHSA-2023:1554

RHSA-2023:1556

RHSA-2023:1557

RHSA-2023:1559

RHSA-2023:1560

RHSA-2023:1566

RHSA-2023:1584

RHSA-2023:1588

RHSA-2023:1590

RHSA-2023:1659

RHSA-2023:1660

RHSA-2023:1662

RHSA-2023:1666

RHSA-2023:1677

SUSE-SU-2023:0152-1

SUSE-SU-2023:0394-1

SUSE-SU-2023:0406-1

SUSE-SU-2023:0433-1

SUSE-SU-2023:0485-1

SUSE-SU-2023:0488-1

SUSE-SU-2023:0618-1

SUSE-SU-2023:0634-1

SUSE-SU-2023:0779-1

SUSE-SU-2023:1576-1

SUSE-SU-2023:1591-1

SUSE-SU-2023:1592-1

SUSE-SU-2023:1595-1

SUSE-SU-2023:1602-1

SUSE-SU-2023:1619-1

SUSE-SU-2023:1639-1

SUSE-SU-2023:1640-1

SUSE-SU-2023:1647-1

SUSE-SU-2023:1649-1

SUSE-SU-2023:1653-1

SUSE-SU-2023:1708-1

Related

Published

2023-01-30T14:15:10Z

Modified

2025-09-16T14:15:56Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEM{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

References

Affected packages