VMware Workstation 3D Accel UAF: Priv Esc via Refcount Bug
CVE-2023-5633 Published on October 23, 2023
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Vulnerability Analysis
CVE-2023-5633 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2023-5633 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2023-5633
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-5633 are published in these products:
Affected Versions
Red Hat Enterprise Linux 8:- Version 0:4.18.0-513.11.1.rt7.313.el8_9 and below * is unaffected.
- Version 0:4.18.0-513.11.1.el8_9 and below * is unaffected.
- Version 0:4.18.0-477.51.1.el8_8 and below * is unaffected.
- Version 0:5.14.0-362.18.1.el9_3 and below * is unaffected.
- Version 0:5.14.0-362.18.1.el9_3 and below * is unaffected.
- Version 0:5.14.0-284.75.1.el9_2 and below * is unaffected.
- Version 0:5.14.0-284.75.1.rt14.360.el9_2 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.