PUB-A-265303544
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-265303544.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/PUB-A-265303544
- Aliases
-
- A-265303544
- CVE-2023-0266
- Published
- 2023-04-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In ctlelemreaduser, ctlelemwriteuser of control_compat.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886"
],
"severity": "Moderate",
"vanir_signatures": [
{
"digest": {
"function_hash": "108546834540970082224391656027863927244",
"length": 1120.0
},
"signature_type": "Function",
"target": {
"function": "snd_ctl_elem_read",
"file": "sound/core/control.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
"id": "PUB-A-265303544-1c383694"
},
{
"digest": {
"function_hash": "110624146881422686246579966075625091336",
"length": 432.0
},
"signature_type": "Function",
"target": {
"function": "snd_ctl_elem_read_user",
"file": "sound/core/control.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
"id": "PUB-A-265303544-a3d349d4"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"186607239495494521708467879435343065615",
"212664839145390613949645046363591000271",
"149113412087965249285789999789759829250",
"38831955080342594281681030311705626136",
"2537851518482303166650449799008285652",
"229097576403856898208282461426400186192",
"40668920917381371557727796699509832693",
"269030988961068168477352165339310355473",
"34683639759013372286990791926674267764",
"70533672557710452064723629541716687229",
"294271495427283444300796166215170512256",
"181425378123470567080983780060214632848",
"20729971361921587414157959717294908533",
"193093375844389302646809722951735316713",
"300087900115591481794084679833867949444",
"307970832768720826231072904430866452061",
"82581469905076220839769012484966017757",
"323474068548694245121911692978069740543",
"87189583438830893185036350527740470068",
"218168557449617070597694659820908984599",
"217050888083783622938933330720759435266",
"172039338081040665959204736151636134986",
"4290970684720465065950032129580990899",
"61328621556464847727911229436532507196",
"143410256173377944969896050248475418633",
"85577603903434646525647638053671613602",
"256411198170490882597005897306046760777",
"150441140108143852574155293743550206083",
"219844924398793537918222388243334597605"
]
},
"signature_type": "Line",
"target": {
"file": "sound/core/control.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
"id": "PUB-A-265303544-b3a84caf"
}
],
"types": [
"EoP"
],
"spl": "2023-04-05"
}