CVE-2023-5633 HIGH

CVE-2023-5633: Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-911
Published October 23, 2023
Last update February 25, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Key dates

02Disclosure timeline

October 23, 2023 CVE published
February 25, 2026 Record updated