CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Published: Oct 24, 2023
Updated: Nov 3, 2023
CVE: CVE-2023-5633
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.6-rc1	6.6-rc1.x
linux / linux_kernel	6.6-rc2	6.6-rc2.x
linux / linux_kernel	6.6-rc3	6.6-rc3.x
linux / linux_kernel	6.6-rc4	6.6-rc4.x
linux / linux_kernel	6.6-rc5	6.6-rc5.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	6.6-rc6	6.6-rc6.x
linux / linux_kernel	6.1.13	6.1.75
linux / linux_kernel	6.2	6.5.8
redhat / codeready_linux_builder	8.0	8.0.x
redhat / enterprise_linux_for_real_time	8.0	8.0.x
redhat / enterprise_linux_for_real_time_for_nfv	8.0	8.0.x
redhat / enterprise_linux_for_real_time_for_nfv	9.0	9.0.x
redhat / enterprise_linux_for_real_time	9.0	9.0.x
redhat / enterprise_linux_server_tus	8.8	8.8.x
redhat / enterprise_linux_eus	8.8	8.8.x
redhat / enterprise_linux_server_aus	9.2	9.2.x
redhat / enterprise_linux_eus	9.2	9.2.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8	8.8.x
redhat / enterprise_linux_for_power_little_endian_eus	9.2_ppc64le	9.2_ppc64le.x
redhat / codeready_linux_builder_for_arm64_eus	9.2_aarch64	9.2_aarch64.x
redhat / codeready_linux_builder_for_ibm_z_systems_eus	9.2_s390x	9.2_s390x.x
redhat / codeready_linux_builder_for_ibm_z_systems	9.0_s390x	9.0_s390x.x
redhat / codeready_linux_builder_for_arm64	9.0_aarch64	9.0_aarch64.x
redhat / codeready_linux_builder_eus	9.2	9.2.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	9.2_ppc64le.x
redhat / enterprise_linux_for_arm_64_eus	9.2_aarch64	9.2_aarch64.x
redhat / enterprise_linux_for_arm_64	9.0_aarch64	9.0_aarch64.x
redhat / enterprise_linux_for_power_little_endian	8.0_ppc64le	8.0_ppc64le.x
redhat / enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	8.8_s390x.x
redhat / enterprise_linux_for_ibm_z_systems	8.0_s390x	8.0_s390x.x
redhat / enterprise_linux_for_arm_64_eus	8.8_aarch64	8.8_aarch64.x
redhat / enterprise_linux_for_arm_64	8.0_aarch64	8.0_aarch64.x
redhat / codeready_linux_builder_for_power_little_endian_eus	9.2_ppc64le	9.2_ppc64le.x
redhat / codeready_linux_builder_for_power_little_endian	9.0_ppc64le	9.0_ppc64le.x
redhat / codeready_linux_builder	9.0	9.0.x
redhat / enterprise_linux_for_power_little_endian	9.0_ppc64le	9.0_ppc64le.x
redhat / enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	9.2_s390x.x
redhat / enterprise_linux_for_ibm_z_systems	9.0_s390x	9.0_s390x.x
redhat / codeready_linux_builder_for_arm64	8.0_aarch64	8.0_aarch64.x
redhat / codeready_linux_builder_for_power_little_endian	8.0_ppc64le	8.0_ppc64le.x
redhat / enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	9.4_ppc64le.x
redhat / enterprise_linux_for_arm_64_eus	9.4_aarch64	9.4_aarch64.x
redhat / enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	9.4_s390x.x
redhat / enterprise_linux_server_aus	9.4	9.4.x
redhat / enterprise_linux_eus	9.4	9.4.x
redhat / codeready_linux_builder_for_arm64_eus	9.4_aarch64	9.4_aarch64.x
redhat / codeready_linux_builder_for_ibm_z_systems_eus	9.4_s390x	9.4_s390x.x
redhat / codeready_linux_builder_for_arm64_eus	8.8_aarch64	8.8_aarch64.x
redhat / codeready_linux_builder_eus	8.8	8.8.x
redhat / codeready_linux_builder_for_power_little_endian_eus	8.8_ppc64le	8.8_ppc64le.x
redhat / codeready_linux_builder_for_power_little_endian_eus	9.4_ppc64le	9.4_ppc64le.x
redhat / codeready_linux_builder_eus	9.4	9.4.x

Vulnerability Database

289,599

CVE-2023-5633