CVE-2023-5633

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 11

NVD Status Undergoing Analysis

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Weaknesses

CWE-416: Use After Free

Related CVEs

CVE Status: PUBLISHED
NVD Status: Undergoing Analysis
CNA: Red Hat, Inc.
Published Date: 2023-10-23 22:15:09
(10 months ago)
Updated Date: 2024-07-24 16:15:05
(7 weeks ago)

Affected Products

Linux

Linux Kernel

Redhat

Enterprise Linux

Configuration #1

	CPE23	Up To
Linux Kernel prior 6.6 version	cpe:2.3:o:linux:linux_kernel	< 6.6
Linux Kernel 6.6 Rc1	cpe:2.3:o:linux:linux_kernel:6.6:rc1
Linux Kernel 6.6 Rc2	cpe:2.3:o:linux:linux_kernel:6.6:rc2
Linux Kernel 6.6 Rc3	cpe:2.3:o:linux:linux_kernel:6.6:rc3
Linux Kernel 6.6 Rc4	cpe:2.3:o:linux:linux_kernel:6.6:rc4
Linux Kernel 6.6 Rc5	cpe:2.3:o:linux:linux_kernel:6.6:rc5

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0