CVE-2023-5633: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Affected

57 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	linux	< linux 6.1.76-1 (bookworm)	linux 6.1.76-1 (bookworm)
linux	linux_kernel	—	—
linux	linux_kernel	>= 0 < 6.1.76-1	6.1.76-1
linux	linux_kernel	>= 0 < 6.5.8-1	6.5.8-1
linux	linux_kernel	>= 0 < 6.5.8-1	6.5.8-1
linux	linux_kernel	>= 6.1.13 < 6.1.75	6.1.75
linux	linux_kernel	>= 6.2 < 6.5.8	6.5.8
msrc	cbl2_kernel_5.15.153.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—
paloalto	pan-os	—	—
redhat	codeready_linux_builder	—	—
redhat	codeready_linux_builder	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_for_arm64	—	—
redhat	codeready_linux_builder_for_arm64	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	codeready_linux_builder_for_power_little_endian	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.5HIGH