fkie_nvd - fkie_cve-2023-5633

FKIE_CVE-2023-5633

Vulnerability from fkie_nvd - Published: 2023-10-23 22:15 - Updated: 2024-11-21 08:42

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0113	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0134	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0461	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1404	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:4823	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:4831	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-5633	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2245663	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0113	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0134	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0461	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1404	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:4823	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:4831	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-5633	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2245663	Issue Tracking, Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.6
linux	linux_kernel	6.6
linux	linux_kernel	6.6
linux	linux_kernel	6.6
linux	linux_kernel	6.6
linux	linux_kernel	6.6
redhat	codeready_linux_builder	8.0
redhat	codeready_linux_builder	9.0
redhat	codeready_linux_builder_eus	8.8
redhat	codeready_linux_builder_eus	9.2
redhat	codeready_linux_builder_eus	9.4
redhat	codeready_linux_builder_for_arm64	8.0_aarch64
redhat	codeready_linux_builder_for_arm64	9.0_aarch64
redhat	codeready_linux_builder_for_arm64_eus	8.8_aarch64
redhat	codeready_linux_builder_for_arm64_eus	9.2_aarch64
redhat	codeready_linux_builder_for_arm64_eus	9.4_aarch64
redhat	codeready_linux_builder_for_ibm_z_systems	9.0_s390x
redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.2_s390x
redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.4_s390x
redhat	codeready_linux_builder_for_power_little_endian	8.0_ppc64le
redhat	codeready_linux_builder_for_power_little_endian	9.0_ppc64le
redhat	codeready_linux_builder_for_power_little_endian_eus	8.8_ppc64le
redhat	codeready_linux_builder_for_power_little_endian_eus	9.2_ppc64le
redhat	codeready_linux_builder_for_power_little_endian_eus	9.4_ppc64le
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux_eus	8.8
redhat	enterprise_linux_eus	9.2
redhat	enterprise_linux_eus	9.4
redhat	enterprise_linux_for_arm_64	8.0_aarch64
redhat	enterprise_linux_for_arm_64	9.0_aarch64
redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64
redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x
redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le
redhat	enterprise_linux_for_real_time	8.0
redhat	enterprise_linux_for_real_time	9.0
redhat	enterprise_linux_for_real_time_for_nfv	8.0
redhat	enterprise_linux_for_real_time_for_nfv	9.0
redhat	enterprise_linux_server_aus	9.2
redhat	enterprise_linux_server_aus	9.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le
redhat	enterprise_linux_server_tus	8.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91950D6-83A3-41D3-8739-9DD8A03F7CE6",
              "versionEndExcluding": "6.1.75",
              "versionStartIncluding": "6.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D",
              "versionEndExcluding": "6.5.8",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9812B09-CC24-43F5-98E8-6D9EFE026E8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "547DCB0A-32F0-4BC9-BCA4-EA50064DA5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "35232613-B8B5-4F4D-A6CD-3823C6666534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9795CF6-CBEB-4FE4-BAAC-D9D514C6B5B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5487EF77-D23A-4CC0-851C-E330B4485D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8173AF8-110D-4503-AA50-1BA4F79622E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "782C86CD-1B68-410A-A096-E5170AD24DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D583DDD-E84D-4180-A339-5467540DB9EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A809B2-2771-4780-9E0D-6A7B4A534CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges."
    },
    {
      "lang": "es",
      "value": "Los cambios en el recuento de referencias realizados como parte de las correcciones CVE-2023-33951 y CVE-2023-33952 expusieron una falla de use-after-free en la forma en que se manejaban los objetos de memoria cuando se usaban para almacenar una superficie. Cuando se ejecuta dentro de un invitado de VMware con la aceleraci\u00f3n 3D habilitada, un usuario local sin privilegios podr\u00eda utilizar esta falla para aumentar sus privilegios."
    }
  ],
  "id": "CVE-2023-5633",
  "lastModified": "2024-11-21T08:42:09.727",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-23T22:15:09.430",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0113"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0134"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0461"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1404"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4823"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4831"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5633"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:0461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-5633 (GCVE-0-2023-5633)

Vulnerability from cvelistv5 – Published: 2023-10-23 21:58 – Updated: 2025-11-06 20:51

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0113	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0134	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0461	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1404	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:4823	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:4831	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-5633	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2245663	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.11.1.rt7.313.el8_9 , < * (rpm)
cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/a:redhat:enterprise_linux:8::realtime

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.11.1.el8_9 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm) cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.18.1.el9_3 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.18.1.el9_3 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.75.1.el9_2 , < * (rpm) cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::crb
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.75.1.rt14.360.el9_2 , < * (rpm) cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Credits

Red Hat would like to thank Murray McAllister (NCC Group APAC) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5633",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:39.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0113"
          },
          {
            "name": "RHSA-2024:0134",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0134"
          },
          {
            "name": "RHSA-2024:0461",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0461"
          },
          {
            "name": "RHSA-2024:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1404"
          },
          {
            "name": "RHSA-2024:4823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4823"
          },
          {
            "name": "RHSA-2024:4831",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4831"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5633"
          },
          {
            "name": "RHBZ#2245663",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.11.1.rt7.313.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.11.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.51.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.18.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.18.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.75.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::realtime",
            "cpe:/a:redhat:rhel_eus:9.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.75.1.rt14.360.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Murray McAllister (NCC Group APAC) for reporting this issue."
        }
      ],
      "datePublic": "2023-09-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T20:51:23.307Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0113"
        },
        {
          "name": "RHSA-2024:0134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0134"
        },
        {
          "name": "RHSA-2024:0461",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0461"
        },
        {
          "name": "RHSA-2024:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1404"
        },
        {
          "name": "RHSA-2024:4823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4823"
        },
        {
          "name": "RHSA-2024:4831",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4831"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5633"
        },
        {
          "name": "RHBZ#2245663",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-23T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-28T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling",
      "workarounds": [
        {
          "lang": "en",
          "value": "This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
        }
      ],
      "x_redhatCweChain": "CWE-911-\u003eCWE-416: Improper Update of Reference Count leads to Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5633",
    "datePublished": "2023-10-23T21:58:59.776Z",
    "dateReserved": "2023-10-18T08:39:18.720Z",
    "dateUpdated": "2025-11-06T20:51:23.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2023-5633

CVE-2023-5633 (GCVE-0-2023-5633)

Tags

Sightings

Nomenclature