CVE-2023-5633

high-risk
Published 2023-10-23

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Codeready Linux Builder For Arm64
Codeready Linux Builder For Arm64
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Ibm Z Systems
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus

Affected Vendors

Redhat Linux

References (16)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0113
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0134
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0461
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1404
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:4823
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:4831
Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-5633
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2245663
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0113
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0134
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0461
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1404
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:4823
Third Party Advisory https://access.redhat.com/errata/RHSA-2024:4831
Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-5633
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2245663
50
/ 100
high-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 26/34 · High