
exploitDog


CVE-2023-5633

Published: 28 Sep 2023
Source: redhat
CVSS3: 7.8

Description

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Mitigation

This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected vmwgfx kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:0134 | 10.01.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:0113 | 10.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:1404 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:0461 | 25.01.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:0461 | 25.01.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel | Fixed | RHSA-2024:4823 | 24.07.2024 |


Additional information

Status: Important
Defect: CWE-911->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2245663 kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 1 year ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVSS3: 7.8
nvd
more than 1 year ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVSS3: 7.8
msrc
more than 1 year ago

No description available

CVSS3: 7.8
debian
more than 1 year ago

The reference count changes made as part of the CVE-2023-33951 and CVE ...

CVSS3: 7.8
github
more than 1 year ago

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
