Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-5633

CVE-2023-5633

October 23, 2023

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Related Resources (8)

https://bugzilla.redhat.com/show_bug.cgi?id=2245663

https://access.redhat.com/errata/RHSA-2024:0461

https://access.redhat.com/errata/RHSA-2024:0113

https://access.redhat.com/errata/RHSA-2024:4823

https://access.redhat.com/errata/RHSA-2024:0134

https://access.redhat.com/errata/RHSA-2024:1404

https://access.redhat.com/errata/RHSA-2024:4831

https://access.redhat.com/security/cve/CVE-2023-5633

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Use After Free

CWE-416

Improper Update of Reference Count

CWE-911

EPSS

Base Score:

0.01

Products

Solutions

Resources

Company

Compare

Developer Tools