CVE-2023-0266

CVE Database · CVE-2023-0266

CVE-2023-0266

· HIGHAnalyzed

CVSS v3.1

7.9

EPSS

3.70%

Published

Jan 30, 2023

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2023-03-30 · Due: 2023-04-20

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCSeanHeelan/claude_opus_cve_2023_0266★17

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (7)

debian · debian_linuxvulnerable

linux · linux_kernel (up to 4.14.303)vulnerable

linux · linux_kernel (up to 4.19.270)vulnerable

linux · linux_kernel (up to 5.4.229)vulnerable

linux · linux_kernel (up to 5.10.163)vulnerable

linux · linux_kernel (up to 5.15.88)vulnerable

linux · linux_kernel (up to 6.1.6)vulnerable