CVE-2023-0266
Published: 30 January 2023
Summary
CVE-2023-0266 is a high-severity use-after-free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.9 (High).
Operationally, it ranks at the 39.2nd percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A use-after-free vulnerability exists in the ALSA PCM subsystem of the Linux kernel, specifically in the handling of the SNDRV_CTL_IOCTL_ELEM_READ32 and SNDRV_CTL_IOCTL_ELEM_WRITE32 ioctls. The flaw stems from missing locks that allow an already freed object to be accessed, and it is tracked as CWE-416. The affected component is the kernel's sound control logic; the recommended fix is to upgrade past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
A local user with low privileges can exploit the race condition to escalate privileges and obtain ring-0 (kernel-mode) access. The CVSS vector reflects an adjacent-network attack path with high attack complexity, limited confidentiality impact, and high integrity and availability impact that crosses a security boundary.
Upstream patches relocate the rwsem lock inside snd_ctl_elem_read so that lookup and copy happen under one critical section, closing the window; distributions such as Debian have issued corresponding updates in their LTS kernels. The current EPSS score remains low at 0.0018 with no indicated upward trajectory.
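The locking change described above, as an added illustration that is not the kernel's code: a read helper that assumes its caller already holds the rwsem leaves a window between lookup and copy when a caller (here standing in for the compat ioctl path) does not take it, whereas a helper that takes the read side itself serializes against removal. The table, element and helper names are invented, and the rwsem is a single-threaded model of the kernel's down_read/up_read/down_write_trylock API so the race window can be exercised deterministically; the "free" is simulated by poisoning the slot rather than calling free().

```c
#include <errno.h>
#include <stdio.h>

#define NELEMS 4
#define POISON 0xdead   /* value the simulated free leaves behind */

/* Single-threaded model of a kernel rwsem: enough state to answer
 * "is anyone holding this?" when a writer tries to get in. */
struct rwsem { int readers; int writer; };
static void down_read(struct rwsem *s) { s->readers++; }
static void up_read(struct rwsem *s)   { s->readers--; }
static int  down_write_trylock(struct rwsem *s)
{
    if (s->readers || s->writer) return 0;   /* held: writer must wait */
    s->writer = 1;
    return 1;
}
static void up_write(struct rwsem *s) { s->writer = 0; }

struct ctl_elem { int live; int value; };     /* live == 0 once "freed" */

struct ctl_table {
    struct rwsem rwsem;                        /* stand-in for the controls rwsem */
    struct ctl_elem elems[NELEMS];
};

/* Hook run between lookup and copy, modelling a concurrent ioctl. */
typedef void (*race_hook)(struct ctl_table *t, int id);

static void ctl_table_init(struct ctl_table *t)
{
    t->rwsem.readers = t->rwsem.writer = 0;
    for (int i = 0; i < NELEMS; i++) {
        t->elems[i].live = 1;
        t->elems[i].value = 100 + i;          /* constructed sample values */
    }
}

/* Simulated free; caller must hold the write side. */
static void ctl_elem_free_locked(struct ctl_table *t, int id)
{
    t->elems[id].live = 0;
    t->elems[id].value = POISON;
}

/* Lookup; caller must hold the rwsem (read or write side). */
static struct ctl_elem *ctl_elem_lookup(struct ctl_table *t, int id)
{
    if (id < 0 || id >= NELEMS || !t->elems[id].live)
        return NULL;
    return &t->elems[id];
}

/* Concurrent remover: proceeds only if it can take the write side. */
static void try_remove_hook(struct ctl_table *t, int id)
{
    if (down_write_trylock(&t->rwsem)) {
        ctl_elem_free_locked(t, id);
        up_write(&t->rwsem);
    }
}

/* Before: helper trusts its caller to hold the lock. A caller that does not
 * leaves a window in which the element is freed under the helper's feet. */
static int elem_read_caller_locks(struct ctl_table *t, int id, int *out, race_hook hook)
{
    struct ctl_elem *e = ctl_elem_lookup(t, id);   /* no lock held here */
    if (!e)
        return -ENOENT;
    if (hook)
        hook(t, id);                 /* remover wins the write side */
    *out = e->value;                 /* use after free: reads POISON */
    return 0;
}

/* After: helper takes the read side itself, so lookup and copy form one
 * critical section and the remover cannot interleave. */
static int elem_read_self_locks(struct ctl_table *t, int id, int *out, race_hook hook)
{
    int ret = -ENOENT;
    down_read(&t->rwsem);
    struct ctl_elem *e = ctl_elem_lookup(t, id);
    if (e) {
        if (hook)
            hook(t, id);             /* trylock fails: element stays live */
        *out = e->value;
        ret = 0;
    }
    up_read(&t->rwsem);
    return ret;
}

/* Exercises both helpers against the same race; returns 1 if only the
 * self-locking helper read the live value. */
static int demo(void)
{
    struct ctl_table before_t, after_t;
    int before = 0, after = 0;
    ctl_table_init(&before_t);
    ctl_table_init(&after_t);
    elem_read_caller_locks(&before_t, 2, &before, try_remove_hook);
    elem_read_self_locks(&after_t, 2, &after, try_remove_hook);
    printf("caller-locks helper read 0x%x, self-locking helper read %d\n", before, after);
    return before == POISON && after == 102;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The design point is the one the upstream fix makes: a helper reachable from more than one entry point cannot rely on every caller remembering the lock, so the lock belongs inside the helper, around both the lookup and the dereference of what it returned.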
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12345
Vulnerability details
A use-after-free vulnerability exists in the ALSA PCM package in the Linux kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring-0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
- CWE(s): CWE-416 (Use After Free)
- KEV Date Added: 30 March 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e) that adds the missing rwsem lock around SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32.
- SI-16 (Memory Protection): mandates memory-protection mechanisms that would block or detect the use-after-free (CWE-416) during ALSA control-element handling before privilege escalation occurs.
- Enforces correct access-control checks and locking inside kernel ioctls, closing the race window that allows a local user to obtain ring-0 privileges.