CVE-2023-0266
Published: 2023-01-30
Priority: P1 · 81 · high
CVSS 3.1: 7.0 HIGH (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CISA Known Exploited Vulnerability, remediation due 2023-04-20
Exploited in the wild
EPSS: 3.70% (88.4th percentile)
A use-after-free vulnerability exists in the ALSA PCM package in the Linux kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks, which can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
Affected (25 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.7-1 (bookworm) | linux 6.1.7-1 (bookworm) |
| android | — | — | |
| chrome_chrome | — | — | |
| linux | linux_kernel | >= 0 < 5.10.162-1 | 5.10.162-1 |
| linux | linux_kernel | >= 0 < 6.1.7-1 | 6.1.7-1 |
| linux | linux_kernel | >= 0 < 6.1.7-1 | 6.1.7-1 |
| linux | linux_kernel | >= 0 < 6.1.7-1 | 6.1.7-1 |
| linux | linux_kernel | >= 0 < 4.15.0-208.220 | 4.15.0-208.220 |
| linux | linux_kernel | >= 0 < 5.4.0-144.161 | 5.4.0-144.161 |
| linux | linux_kernel | >= 0 < 5.15.0-69.76 | 5.15.0-69.76 |
| linux | linux_kernel | >= 4.14 < 56b88b50565cd8b946a2d00b0c83927b7ebb055e | 56b88b50565cd8b946a2d00b0c83927b7ebb055e |
| linux | linux_kernel | >= 4.14 < 4.14.303 | 4.14.303 |
| linux | linux_kernel | >= 4.15 < 4.19.270 | 4.19.270 |
| linux | linux_kernel | >= 4.20 < 5.4.229 | 5.4.229 |
| linux | linux_kernel | >= 5.11 < 5.15.88 | 5.15.88 |
| linux | linux_kernel | >= 5.16 < 6.1.6 | 6.1.6 |
| linux | linux_kernel | >= 5.5 < 5.10.163 | 5.10.163 |
| msrc | cbl2_hyperv-daemons_5.15.92.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.92.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_hyperv-daemons_5.10.168.1-1_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_kernel_5.10.168.1-1_on_cbl_mariner_1.0 | — | — |
| paloalto | pan-os | — | — |
Detection & IOCs (extracted from sources)
Source: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
- Monitor for use-after-free exploitation attempts targeting snd_ctl_elem_read in the ALSA subsystem via the compat ioctl path (SNDRV_CTL_IOCTL_ELEM_READ/WRITE32), which can lead to privilege escalation to ring0.
- Detect unexpected privilege escalation from a local system user to ring0 on Linux systems with ALSA PCM loaded, particularly via the compat path in sound/core/control.c.
- Check for unpatched kernel versions: the fix is included in Linux 6.1.7-1 (Debian bookworm/sid/trixie/forky) and 5.10.162-1 (Debian bullseye). Systems running older versions should be considered at risk.
- As a temporary mitigation, blacklisting the ALSA/sound kernel modules prevents the vulnerable code path from loading. This disables sound functionality but blocks exploitation.
- Red Hat Enterprise Linux 6 and 7 (including kernel-rt) are listed as Not Affected for this CVE.
- The vulnerability is exploitable only locally (scope: local) by a local user with normal privileges, not remotely.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | |
| vulncheck | 7.9 | HIGH | |
| cisa | 7.0 | HIGH | |
| vendor_debian | 7.9 | HIGH | |
| vendor_redhat | 7.9 | HIGH | |
| vendor_msrc | 7.8 | HIGH | |
| vendor_ubuntu | 6.3 | MEDIUM | |
Palo Alto: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto · 2024-02-14 · CVSS 9.8 · CVE-2017-18342 [CRITICAL]
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Android: CVE-2023-0266: Kernel
vendor_android · 2023-05-01 · CVSS 7.9 · CVE-2023-0266 [HIGH]
Android Security Bulletin 2023-05-01
CVE: CVE-2023-0266
Severity: MEDIUM
Type: EoP
Component: Kernel
References: A-265303544
Upstream kernel
Chrome: Long Term Support Channel Update for ChromeOS: CVE-2023-0266
vendor_chrome · 2023-04-27 · CVSS 7.9 · CVE-2023-0266 [HIGH]
Ubuntu: Linux kernel (Qualcomm Snapdragon) vulnerabilities
vendor_ubuntu · 2023-04-19 · CVSS 5.5 · CVE-2022-3424 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system c
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu · 2023-04-11 · CVSS 5.8 · CVE-2023-23454 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use th
Ubuntu: Linux kernel (GCP) vulnerabilities
vendor_ubuntu · 2023-04-11 · CVSS 5.5 · CVE-2023-23559 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-3628
Ubuntu: Linux kernel (BlueField) vulnerabilities
vendor_ubuntu · 2023-04-05 · CVSS 5.5 · CVE-2023-20938 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly us
Ubuntu: Linux kernel (GCP) vulnerabilities
vendor_ubuntu · 2023-03-31 · CVSS 5.5 · CVE-2022-3424 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-3628
CISA: Linux Kernel Use-After-Free Vulnerability
cisa · 2023-03-30 · CVSS 7.0 · CVE-2023-0266 [HIGH] · CWE-416
Affected: Linux Kernel
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Required Action: Apply updates per vendor instructions.
Notes: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266
Remediation Due Date: 2023-04-20
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-29 · CVSS 5.5 · CVE-2023-0394 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hy
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-29 · CVSS 5.8 · CVE-2023-0210 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-28 · CVSS 5.5 · CVE-2022-41218 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hy
Ubuntu: Linux kernel (HWE) vulnerabilities
vendor_ubuntu · 2023-03-28 · CVSS 5.8 · CVE-2023-0469 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a race condition existed in the Xen network backend
driver in the Linux kernel when handling dropped packets in certain
circumstances. An attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)
Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-fre
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-27 · CVSS 5.5 · CVE-2022-43750 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
Updated on 2023-04-11:
Please note that when USN 5975-1 was originally published, it incorrectly
included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that
kernel have been removed from this USN and the correct information for it
has been published in USN 6007-1.
Original advisory details:
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation i
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-23 · CVSS 5.8 · CVE-2022-4382 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a race condition existed in the Xen network backend
driver in the Linux kernel when handling dropped packets in certain
circumstances. An attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)
Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vuln
Ubuntu: Linux kernel (IBM) vulnerabilities
vendor_ubuntu · 2023-03-14 · CVSS 5.5 · CVE-2022-3521 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu · 2023-03-09 · CVSS 5.5 · CVE-2022-41218 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly
Ubuntu: Linux kernel (GCP) vulnerabilities
vendor_ubuntu · 2023-03-08 · CVSS 5.5 · CVE-2022-3521 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this
Ubuntu: Linux kernel (Azure) vulnerabilities
vendor_ubuntu · 2023-03-07 · CVSS 5.5 · CVE-2022-36280 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu · 2023-03-07 · CVSS 5.5 · CVE-2022-3623 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly
Ubuntu: Linux kernel (Azure) vulnerabilities
vendor_ubuntu · 2023-03-06 · CVSS 5.5 · CVE-2022-42329 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that an out-of-bounds write vulnerability existed in the
Video for Linux 2 (V4L2) implementation in the Linux
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2023-03-03 · CVSS 5.5 · CVE-2022-3623 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
ca
Ubuntu: Linux kernel (OEM) vulnerabilities
vendor_ubuntu · 2023-03-03 · CVSS 6.3 · CVE-2022-4379 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained a
Red Hat: ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
vendor_redhat · 2023-01-13 · CVSS 7.9 · CVE-2023-0266 [HIGH] · CWE-416
A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem.
Mitigation: To mitigate this issue, skip loading (blacklist) the affected soundcard
Microsoft: Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel
vendor_msrc · 2023-01-10 · CVSS 7.8 · CVE-2023-0266 [HIGH] · CWE-416
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Google: Google
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://lear
Debian: CVE-2023-0266: linux - A use after free vulnerability exists in the ALSA PCM package in the Linux Kerne...
vendor_debian · 2023 · CVSS 7.9 · CVE-2023-0266 [HIGH]
Scope: local
bookworm: resolved (fixed in 6.1.7-1)
bullseye: resolved (fixed in 5.10.162-1)
forky: resolved (fixed in 6.1.7-1)
sid: resolved (fixed in 6.1.7-1)
trixie: resolved (fixed in 6.1.7-1)
Project Zero: Analyzing a Modern In-the-wild Android Exploit - Project Zero
project_zero · 2023-09-01 · CVSS 7.8 · CVE-2022-22706 [HIGH]
By Seth Jenkins, Project Zero
## Introduction
In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access.
Notably, several of the previous stages of the exploit chain used n-day vulnerabilities:
- CVE-2022-4262, a 0-day vulnerability in Chrome was exploited in the Samsung browser to achieve RCE.
- CVE-2022-3038, a Chrome n-day that was unpatched in the Samsung
OSV: linux-snapdragon vulnerabilities
osv · 2023-04-19 · CVSS 5.5 · CVE-2023-1281 [MEDIUM]
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the
OSV: linux-intel-iotg vulnerabilities
osv · 2023-04-11 · CVSS 8.8 · CVE-2022-2196 [HIGH]
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim disc
OSV: linux-gcp vulnerabilities
osv · 2023-04-11 · CVSS 5.5 · CVE-2021-3669 [MEDIUM]
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
pr
OSV: linux-bluefield vulnerabilities
osv · 2023-04-05 · CVSS 5.5 · CVE-2023-0461 [MEDIUM]
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
c
OSV: CVE-2023-0266: In ctl_elem_read_user, ctl_elem_write_user of control_compat
osv · 2023-04-01 · CVE-2023-0266
In ctl_elem_read_user, ctl_elem_write_user of control_compat.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
OSV: linux-gcp-4.15 vulnerabilities
osv · 2023-03-31 · CVSS 5.5 · CVE-2021-3669 [MEDIUM]
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did n
OSV
linux-gke, linux-gke-5.15, linux-ibm, linux-kvm vulnerabilities
osv·2023-03-29·CVSS 8.8
CVE-2022-2196 [HIGH] linux-gke, linux-gke-5.15, linux-ibm, linux-kvm vulnerabilities
linux-gke, linux-gke-5.15, linux-ibm, linux-kvm vulnerabilities
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CV
OSV
linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
osv·2023-03-29·CVSS 5.5
CVE-2021-3669 [MEDIUM] linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim disc
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin
osv·2023-03-28·CVSS 8.8
[HIGH] linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that th
OSV
linux-hwe-5.19 vulnerabilities
osv·2023-03-28·CVSS 8.8
CVE-2022-2196 [HIGH] linux-hwe-5.19 vulnerabilities
linux-hwe-5.19 vulnerabilities
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that a race condition existed in the Xen network backend
driver in the Linux kernel when handling dropped packets in certain
circumstances. An attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)
Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
OSV
linux-aws-hwe, linux-hwe, linux-oracle vulnerabilities
osv·2023-03-28·CVSS 5.5
CVE-2021-3669 [MEDIUM] linux-aws-hwe, linux-hwe, linux-oracle vulnerabilities
linux-aws-hwe, linux-hwe, linux-oracle vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim discovered that the DVB Core driver i
OSV
linux-azure vulnerabilities
osv·2023-03-27·CVSS 5.5
[MEDIUM] linux-azure vulnerabilities
linux-azure vulnerabilities
Updated on 2023-04-11:
Please note that when USN 5975-1 was originally published, it incorrectly
included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that
kernel have been removed from this USN and the correct information for it
has been published in USN 6007-1.
Original advisory details:
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A l
OSV
linux-ibm, linux-ibm-5.4 vulnerabilities
osv·2023-03-14·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-ibm, linux-ibm-5.4 vulnerabilities
linux-ibm, linux-ibm-5.4 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute ar
OSV
linux-raspi-5.4 vulnerabilities
osv·2023-03-09·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
c
OSV
linux-gcp-5.4 vulnerabilities
osv·2023-03-08·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-gcp-5.4 vulnerabilities
linux-gcp-5.4 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
cod
OSV
linux-raspi vulnerabilities
osv·2023-03-07·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-raspi vulnerabilities
linux-raspi vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.
OSV
linux-azure-4.15 vulnerabilities
osv·2023-03-07·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-azure-4.15 vulnerabilities
linux-azure-4.15 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly ex
OSV
linux-azure, linux-azure, linux-azure vulnerabilities
osv·2023-03-06·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-azure, linux-azure, linux-azure vulnerabilities
linux-azure, linux-azure, linux-azure vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that an out-of-bounds write vulnerability existed in the
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local
attacker could use this to cause a deni
OSV
linux-oem-6.1 vulnerabilities
osv·2023-03-03·CVSS 5.5
CVE-2023-0461 [MEDIUM] linux-oem-6.1 vulnerabilities
linux-oem-6.1 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
osv·2023-03-03·CVSS 5.5
[MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU drive
OSV
CVE-2023-0266: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel
osv·2023-01-30·CVSS 7.0
CVE-2023-0266 [HIGH] CVE-2023-0266: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
GHSA
GHSA-h8jm-3c82-6vvq: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel
ghsa_unreviewed·2023-01-30
CVE-2023-0266 [HIGH] CWE-416 GHSA-h8jm-3c82-6vvq: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
Kernel
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
kernel_security·2023-01-13·CVSS 7.9
CVE-2023-0266 [HIGH] ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
Takes the rwsem lock inside snd_ctl_elem_read instead of snd_ctl_elem_read_user,
as was done for write in commit 1fa4445f9adf1 ("ALSA: control - introduce
snd_ctl_notify_one() helper"). Doing it this way also fixes the following
locking issue in the compat path, which can be easily triggered and
turned into a use-after-free.
```text
64-bits:
  snd_ctl_ioctl
    snd_ctl_elem_read_user
      [takes controls_rwsem]
      snd_ctl_elem_read [lock properly held, all good]
      [drops controls_rwsem]

32-bits:
  snd_ctl_ioctl_compat
    snd_ctl_elem_write_read_compat
      ctl_elem_write_read
        snd_ctl_elem_read [missing lock, not good]
```
CVE-2023-0266 was assigned for this issue.
Cc: [email protected] # 5.13+
Signed-off-by: Clement Lecigne
Reviewed-by: Jaro
VulnCheck
Linux Kernel Use-After-Free Vulnerability
vulncheck·2023·CVSS 7.9
CVE-2023-0266 [HIGH] CWE-416 Linux Kernel Use-After-Free Vulnerability
Linux Kernel Use-After-Free Vulnerability
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Affected: Linux Kernel
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf; https://storage.googleapis.com/gweb-uniblog-publish-prod/doc
Project0
Project Zero RCA: CVE-2022-4262: Incorrect Bytecode Generation by JavaScript Parser
project_zero·CVSS 8.8
CVE-2022-4262 [HIGH] Project Zero RCA: CVE-2022-4262: Incorrect Bytecode Generation by JavaScript Parser
# CVE-2022-4262: Incorrect Bytecode Generation by JavaScript Parser
*Samuel Groß, V8 Security*
## The Basics
**Disclosure or Patch Date:** 2 December 2022
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
**Affected Versions:** 108.0.5359.71 and previous
**First Patched Version:** 108.0.5359.94
**Issue/Bug Report:** https://bugs.chromium.org/p/chromium/issues/detail?id=1394403
**Patch CL:** https://chromium.googlesource.com/v8/v8/+/27fa951ae4a3801126e84bc94d5c82dd2370d18b
**Bug-Introducing CL:** N/A
**Reporter(s):** Clement Lecigne of Google's Threat Analysis Group
## The Code
**Proof-of-concept:**
```javascript
let alloc = function() {
let tt = new ArrayBuffer(31 * 1024 * 1024 * 1024);
tt = new ArrayBu
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4
https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e
https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0266
2023-01-30
Published
2023-03-30
Added to CISA KEV
Exploited in the wild