A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3349-1 linux-5.10 security update
Debian DLA Debian DLA DLA-3403-1 linux security update
Debian DSA Debian DSA DSA-5324-1 linux security update
EUVD EUVD EUVD-2023-12345 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
Ubuntu USN Ubuntu USN USN-5915-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-5917-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5924-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-5927-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-5934-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-5939-1 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-5940-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-5951-1 Linux kernel (IBM) vulnerabilities
Ubuntu USN Ubuntu USN USN-5970-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5975-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5979-1 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-5981-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5982-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5984-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5987-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5991-1 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-6000-1 Linux kernel (BlueField) vulnerabilities
Ubuntu USN Ubuntu USN USN-6004-1 Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN Ubuntu USN USN-6009-1 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-6030-1 Linux kernel (Qualcomm Snapdragon) vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
CPEs cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00021}

epss

{'score': 0.00023}


Thu, 13 Feb 2025 16:45:00 +0000

Type Values Removed Values Added
Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

Wed, 29 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-03-30'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 01:15:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published:

Updated: 2025-09-15T20:44:54.394Z

Reserved: 2023-01-13T07:58:13.390Z

Link: CVE-2023-0266

cve-icon Vulnrichment

Updated: 2024-08-02T05:02:44.150Z

cve-icon NVD

Status : Analyzed

Published: 2023-01-30T14:15:10.500

Modified: 2025-09-16T14:15:56.313

Link: CVE-2023-0266

cve-icon Redhat

Severity : Important

Publid Date: 2023-01-13T06:30:00Z

Links: CVE-2023-0266 - Bugzilla

cve-icon OpenCVE Enrichment

No data.