Unrated severityNVD Advisory· Published Oct 23, 2023· Updated Feb 25, 2026

Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

CVE-2023-5633

Description

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Affected products

100

Red Hat/Enterprise Linuxcpe-rescue6 versions
cpe:/a:redhat:enterprise_linux:8::crb+ 5 more
- cpe:/a:redhat:enterprise_linux:8::crbrange: 0:4.18.0-513.11.1.el8_9
- cpe:/a:redhat:enterprise_linux:8::realtimerange: 0:4.18.0-513.11.1.rt7.313.el8_9
- cpe:/a:redhat:enterprise_linux:9::crbrange: 0:5.14.0-362.18.1.el9_3
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:9
Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Supportv5
cpe:/a:redhat:rhel_eus:8.8::crb
Range: 0:4.18.0-477.51.1.el8_8
Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Supportv52 versions
cpe:/a:redhat:rhel_eus:9.2::appstream+ 1 more
- cpe:/a:redhat:rhel_eus:9.2::appstreamrange: 0:5.14.0-284.75.1.el9_2
- cpe:/a:redhat:rhel_eus:9.2::realtimerange: 0:5.14.0-284.75.1.rt14.360.el9_2
osv-coords91 versions
pkg:deb/ubuntu/linux-azure@6.5.0-1009.9?arch=source&distro=mantic pkg:deb/ubuntu/linux-gcp@6.5.0-1010.10?arch=source&distro=mantic pkg:rpm/almalinux/bpftool pkg:rpm/almalinux/kernel pkg:rpm/almalinux/kernel-abi-stablelists pkg:rpm/almalinux/kernel-core pkg:rpm/almalinux/kernel-cross-headers pkg:rpm/almalinux/kernel-debug pkg:rpm/almalinux/kernel-debug-core pkg:rpm/almalinux/kernel-debug-devel pkg:rpm/almalinux/kernel-debug-modules pkg:rpm/almalinux/kernel-debug-modules-extra pkg:rpm/almalinux/kernel-devel pkg:rpm/almalinux/kernel-doc pkg:rpm/almalinux/kernel-modules pkg:rpm/almalinux/kernel-modules-extra pkg:rpm/almalinux/kernel-tools pkg:rpm/almalinux/kernel-tools-libs pkg:rpm/almalinux/kernel-tools-libs-devel pkg:rpm/almalinux/kernel-zfcpdump pkg:rpm/almalinux/kernel-zfcpdump-core pkg:rpm/almalinux/kernel-zfcpdump-devel pkg:rpm/almalinux/kernel-zfcpdump-modules pkg:rpm/almalinux/kernel-zfcpdump-modules-extra pkg:rpm/almalinux/perf pkg:rpm/almalinux/python3-perf pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 6.5.0-1009.9+ 90 more
- (no CPE)range: < 6.5.0-1009.9
- (no CPE)range: < 6.5.0-1010.10
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 4.18.0-513.11.1.el8_9
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1.150500.6.17.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.13.27.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 6.4.0-150700.20.15.2
- (no CPE)range: < 5.14.21-150500.55.39.1.150500.6.17.1
- (no CPE)range: < 5.14.21-150500.55.39.1.150500.6.17.1
- (no CPE)range: < 6.4.0-150700.53.19.1.150700.17.13.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 1-150500.11.3.2
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150700.1.3.1
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 6.4.0-150700.20.15.2
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.13.27.2
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 5.14.21-150500.33.26.1
- (no CPE)range: < 6.4.0-150700.20.15.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1
- (no CPE)range: < 5.14.21-150500.13.27.1
- (no CPE)range: < 6.4.0-150700.7.19.1
- (no CPE)range: < 5.14.21-150500.55.39.1
- (no CPE)range: < 6.4.0-150700.53.19.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:0113mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0134mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0461mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:1404mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:4823mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:4831mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2023-5633mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000