CVE-2023-0266 in Linux and Canonical Products
Published on January 30, 2023
Known Exploited Vulnerability
This Linux Kernel Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
The following remediation steps are recommended / required by April 20, 2023: Apply updates per vendor instructions.
CVE-2023-0266 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Dangling Pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2023-0266 has been classified as a Dangling Pointer vulnerability or weakness.
What versions are vulnerable to CVE-2023-0266?
- Linux Kernel Version 4.14, fixed in Version 4.14.303
- Linux Kernel Version 4.15, fixed in Version 4.19.270
- Linux Kernel Version 4.20, fixed in Version 5.4.229
- Linux Kernel Version 5.5, fixed in Version 5.10.163
- Linux Kernel Version 5.11, fixed in Version 5.15.88
- Linux Kernel Version 5.16, fixed in Version 6.1.6