A use after free vulnerability exists in the ALSA PCM...
High severity
Unreviewed
Published
Jan 30, 2023
to the GitHub Advisory Database
•
Updated May 12, 2023
Description
Published by the National Vulnerability Database
Jan 30, 2023
Published to the GitHub Advisory Database
Jan 30, 2023
Last updated
May 12, 2023
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
References