Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-0266
HistoryJan 30, 2023 - 2:15 p.m.

CVE-2023-0266

2023-01-3014:15:10
Debian Security Bug Tracker
security-tracker.debian.org
42
linux kernel
alsa pcm
vulnerability

CVSS3

7.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

35.5%

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.Β SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commitΒ 56b88b50565cd8b946a2d00b0c83927b7ebb055e

CVSS3

7.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

35.5%