ubuntucve | Ubuntu.com | UB:CVE-2023-0266
Jan 30, 2023 - 12:00 a.m.

CVE-2023-0266

CVSS3: 7.9

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

EPSS: 0.001
Percentile: 35.5%

A use-after-free vulnerability exists in the ALSA PCM package in the Linux
kernel. The SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 ioctl handlers are missing
locks, which can be used to trigger a use-after-free that can result in
privilege escalation to gain ring0 access from the system user. We recommend
upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.

Notes

| Author | Note |
|---|---|
| sbeattie | the fix commit claims that the issue is only present in 5.13 and newer, but it's not clear why, from both the history of the snd_ctl_elem_read() path and the compat path. |
| rodrigo-zaiden | USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake; it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1. |

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-208.220 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-144.161 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < 5.15.0-69.76 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux | < 5.19.0-38.39 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1153.166 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1097.105 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1033.37 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1022.23 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1033.37~20.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1097.105~18.04.1 | UNKNOWN |

Rows 1-10 of 761.
