Cyber Resilience

CVE-2023-0266

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 30 January 2023
Modified: 24 October 2025
KEV Added: 30 March 2023
Patch
CVSS Score (v3.1): 7.9 (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H)
EPSS Score: 0.0018 (39.2th percentile)
Risk Priority: 36 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0266 is a high-severity use-after-free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.9 (High).

Operationally, EPSS ranks it at the 39.2th percentile by exploit likelihood (below the median); nevertheless, CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A use-after-free vulnerability exists in the ALSA PCM subsystem of the Linux kernel, specifically in the handling of the SNDRV_CTL_IOCTL_ELEM_READ32 and SNDRV_CTL_IOCTL_ELEM_WRITE32 ioctls. The flaw stems from missing locks that allow a freed object to be accessed, and it is tracked as CWE-416. The affected component is the kernel's sound control logic; the recommended fix is to upgrade to a kernel that includes commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.

A local user with low privileges can exploit the race condition to achieve privilege escalation, obtaining ring-0 kernel access. The CVSS vector reflects an adjacent-network attack path with high attack complexity, limited confidentiality impact, and high integrity and availability impact that crosses a security boundary.

Upstream patches relocate the rwsem lock inside snd_ctl_elem_read to close the race window, and distributions such as Debian have issued corresponding updates for their LTS kernels. The current EPSS score remains low at 0.0018, with no indicated upward trajectory.

Vulnerability details

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.

CWE(s): CWE-416 (Use After Free)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Debian: Debian Linux 10.0
Linux: Linux kernel 4.14 — 4.14.303 · 4.15 — 4.19.270 · 4.20 — 5.4.229

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires timely application of the vendor patch (commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e), which adds the missing rwsem lock around SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32.

SI-16 Memory Protection (prevent)

Mandates memory-protection mechanisms that would block or detect the use-after-free (CWE-416) during ALSA control-element handling before privilege escalation occurs.

prevent

Enforces correct access-control checks and locking inside kernel ioctls, closing the race window that allows a local user to obtain ring-0 privileges.

References