GSD-2023-5633
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5633",
"id": "GSD-2023-5633"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5633"
],
"details": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.",
"id": "GSD-2023-5633",
"modified": "2023-12-13T01:20:51.206173Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2023-5633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.11.1.rt7.313.el8_9",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.11.1.el8_9",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Murray McAllister (NCC Group APAC) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-416",
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/errata/RHSA-2024:0113",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0113"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0134",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0134"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0461",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:1404",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2023-5633",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2023-5633"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
}
]
},
"work_around": [
{
"lang": "en",
"value": "This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783",
"versionEndExcluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges."
},
{
"lang": "es",
"value": "Los cambios en el recuento de referencias realizados como parte de las correcciones CVE-2023-33951 y CVE-2023-33952 expusieron una falla de use-after-free en la forma en que se manejaban los objetos de memoria cuando se usaban para almacenar una superficie. Cuando se ejecuta dentro de un invitado de VMware con la aceleraci\u00f3n 3D habilitada, un usuario local sin privilegios podr\u00eda utilizar esta falla para aumentar sus privilegios."
}
],
"id": "CVE-2023-5633",
"lastModified": "2024-01-25T20:15:39.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2023-10-23T22:15:09.430",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0113"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0134"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…