CVE-2023-5633

Published Oct 23, 2023

Last updated 2 months ago

CVSS high 7.8

Overview

Description: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Source: secalert@redhat.com
NVD status: Modified
Products: linux_kernel, codeready_linux_builder, codeready_linux_builder_eus, codeready_linux_builder_for_arm64, codeready_linux_builder_for_arm64_eus, codeready_linux_builder_for_ibm_z_systems, codeready_linux_builder_for_ibm_z_systems_eus, codeready_linux_builder_for_power_little_endian, codeready_linux_builder_for_power_little_endian_eus, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_for_real_time, enterprise_linux_for_real_time_for_nfv, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_server_tus

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-911
nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B91950D6-83A3-41D3-8739-9DD8A03F7CE6",
            "versionEndExcluding": "6.1.75",
            "versionStartIncluding": "6.1.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D",
            "versionEndExcluding": "6.5.8",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "F9812B09-CC24-43F5-98E8-6D9EFE026E8A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "547DCB0A-32F0-4BC9-BCA4-EA50064DA5D6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "35232613-B8B5-4F4D-A6CD-3823C6666534",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "C9795CF6-CBEB-4FE4-BAAC-D9D514C6B5B6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5487EF77-D23A-4CC0-851C-E330B4485D8A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8173AF8-110D-4503-AA50-1BA4F79622E6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "782C86CD-1B68-410A-A096-E5170AD24DA2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "6D583DDD-E84D-4180-A339-5467540DB9EC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "12A809B2-2771-4780-9E0D-6A7B4A534CFB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References