Vulnerability — CVE-2023-0266

CVE-2023-0266

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-0266
Description:: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
Last updated date:: 03/14/2025

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 01/12/2023
Reference url to background: https://source.android.com/docs/security/bulletin/2023-05-01#2023-05-05-security-patch-level-vulnerability-details

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/30/2023
Reference url to background: https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/30/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/10/2024
Reference url to background: https://github.com/SeanHeelan/claude_opus_cve_2023_0266