CVE-2023-5633

Advisory lineage Upstream: 0 Downstream: 18

Downstream

DEBIAN-CVE-2023-5633 MGASA-2023-0328 MGASA-2023-0331 RHSA-2024:0113 RHSA-2024:0134 RHSA-2024:0461

Modified

Published: 23 Oct 2023, 21:58

Last modified:25 Feb 2026, 18:18

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Oct 2023, 21:58

Published

Vulnerability first disclosed

25 Feb 2026, 18:18

Last Modified

Vulnerability information updated

Description

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 3%

Techniques & Countermeasures

CWE-911•Improper Update of Reference Count
The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
CWE-416•Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Affected Systems

linux•linux_kernel
≥ 6.1.13, < 6.1.75 | ≥ 6.2, < 6.5.8 | 6.6:rc1 | 6.6:rc2 | 6.6:rc3 | 6.6:rc4 | 6.6:rc5 | 6.6:rc6
redhat•codeready_linux_builder
8.0 | 9.0
redhat•codeready_linux_builder_eus
8.8 | 9.2 | 9.4
redhat•codeready_linux_builder_for_arm64
8.0_aarch64 | 9.0_aarch64
redhat•codeready_linux_builder_for_arm64_eus
8.8_aarch64 | 9.2_aarch64 | 9.4_aarch64
redhat•codeready_linux_builder_for_ibm_z_systems
9.0_s390x
redhat•codeready_linux_builder_for_ibm_z_systems_eus
9.2_s390x | 9.4_s390x
redhat•codeready_linux_builder_for_power_little_endian
8.0_ppc64le | 9.0_ppc64le
redhat•codeready_linux_builder_for_power_little_endian_eus
8.8_ppc64le | 9.2_ppc64le | 9.4_ppc64le
redhat•enterprise_linux
8.0 | 9.0
redhat•enterprise_linux_eus
8.8 | 9.2 | 9.4
redhat•enterprise_linux_for_arm_64
8.0_aarch64 | 9.0_aarch64
redhat•enterprise_linux_for_arm_64_eus
8.8_aarch64 | 9.2_aarch64 | 9.4_aarch64
redhat•enterprise_linux_for_ibm_z_systems
8.0_s390x | 9.0_s390x
redhat•enterprise_linux_for_ibm_z_systems_eus
8.8_s390x | 9.2_s390x | 9.4_s390x
redhat•enterprise_linux_for_power_little_endian
8.0_ppc64le | 9.0_ppc64le
redhat•enterprise_linux_for_power_little_endian_eus
9.2_ppc64le | 9.4_ppc64le
redhat•enterprise_linux_for_real_time
8.0 | 9.0
redhat•enterprise_linux_for_real_time_for_nfv
8.0 | 9.0
redhat•enterprise_linux_server_aus
9.2 | 9.4
redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.8 | 9.2_ppc64le
redhat•enterprise_linux_server_tus
8.8