More details, CVE-2023-0266 vulnerability is widely exploited (8th June 2023)

Preface: The Advanced Linux Sound Architecture (ALSA) provides kernel driven sound card drivers.
Besides the sound device drivers, ALSA also bundles a user space driven library for application developers. This enables direct (kernel) interaction with sound devices through ALSA libraries.

Background: Exynos, formerly Hummingbird, is a series of ARM-based system-on-chips developed by Samsung Electronics’ System LSI division and manufactured by Samsung Foundry.

Conceptual example – SoC installation instruction

  1. Install X-windows packages
    % sudo zypper install libXext6 libX11-6 libXrender1 libXtst6 libXi6 libgtk-2_0-0 tar
  2. Set your DISPLAY environment variable
    % setenv DISPLAY localhost:0
  3. navigate to the SoC installer file location
  4. Run the installer
    % [.]/xxxx_SoC_v2023[.]2[.]bin
  5. Follow on screen instructions.
  6. Click Finish. It is now ready to use.

Vulnerability details: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user.

Solution: Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.
For details, please refer to link –

Official announcement: For details, please refer to the following links

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.