CVE-2023-5633

Summary

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.0-513.11.1.rt7.313.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.0-513.11.1.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:4.18.0-477.51.1.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-362.18.1.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-362.18.1.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.75.1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.75.1.rt14.360.el9_2 < *unaffected

Weaknesses

  • CWE-911: Improper Update of Reference Count

Workarounds

This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected vmwgfx kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References