CVE-2023-5633

Published: 28 Sep 2023
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Mitigation

This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected vmwgfx kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:0134 | 10.01.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:0113 | 10.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:1404 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:0461 | 25.01.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel | Fixed | RHSA-2024:4823 | 24.07.2024 |

Additional information

Status: Important
Defect: CWE-911->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

EPSS

Percentile: 2%
0.00015
Low

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 2 years ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVSS3: 7.8
nvd
about 2 years ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVSS3: 7.8
msrc
about 2 years ago

Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

CVSS3: 7.8
debian
about 2 years ago

The reference count changes made as part of the CVE-2023-33951 and CVE ...

CVSS3: 7.8
github
about 2 years ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
