Bugzilla – Bug 1216527
VUL-0: CVE-2023-5633: kernel: vmwgfx reference count issue leads to use-after-free in surface handling
Last modified: 2025-06-18 23:45:48 UTC
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5633
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
https://lists.freedesktop.org/archives/dri-devel/2023-September/424805.html
https://github.com/torvalds/linux/commit/91398b413d03660fd5828f7b4abc64e884b98069
tracking as affected:
- ALP-current (and SLE15-SP6)
- SLE15-SP5

based in part on bsc#1211593 and bsc#1211595
Hi Thomas,

Because this CVE issue relates to vmwgfx, could you please help to handle it? If this is not in your area, just reset the bug assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find another expert.

Thanks a lot!
Hi folks,

https://www.suse.com/security/cve/CVE-2023-5633.html says
SUSE Linux Enterprise Server 15 SP4 Not affected
SUSE Linux Enterprise Server 15 SP5 Affected

Is this because the fault was introduced in SP5 by the fixes for CVE-2023-33951 and CVE-2023-33952?

I'm trying to determine whether Leap 15.4 is affected.

Thanks,
Simon
(In reply to Simon Logan from comment #5)
> Hi folks,
>
> https://www.suse.com/security/cve/CVE-2023-5633.html says
> SUSE Linux Enterprise Server 15 SP4 Not affected
> SUSE Linux Enterprise Server 15 SP5 Affected
>
> Is this because the fault was introduced in SP5 by the fixes for
> CVE-2023-33951 and CVE-2023-33952?
>
> I'm trying to determine whether Leap 15.4 is affected.
>
> Thanks,
> Simon

The respective commits that introduced the other CVEs were not backported into the SLES 15 SP4 kernel, so it's not affected.
(In reply to Marcus Meissner from comment #6)
> (In reply to Simon Logan from comment #5)
> > Hi folks,
> >
> > https://www.suse.com/security/cve/CVE-2023-5633.html says
> > SUSE Linux Enterprise Server 15 SP4 Not affected
> > SUSE Linux Enterprise Server 15 SP5 Affected
> >
> > Is this because the fault was introduced in SP5 by the fixes for
> > CVE-2023-33951 and CVE-2023-33952?
> >
> > I'm trying to determine whether Leap 15.4 is affected.
> >
> > Thanks,
> > Simon
>
> The respective commits that introduced the other CVEs were not backported
> into the SLES 15 SP4 kernel, so it's not affected.

Thanks Marcus.
Patches have been merged. Unassigning myself.
SUSE-SU-2023:4732-1: An update that solves 15 vulnerabilities, contains three features and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1207948, 1210447, 1212649, 1214286, 1214700, 1214840, 1214976, 1215095, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216621, 1216687, 1216693, 1216759, 1216761, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-3777, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46813, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1, kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4734-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1
SUSE-SU-2023:4730-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-5.14.21-150500.55.39.1, kernel-source-5.14.21-150500.55.39.1, kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1, kernel-obs-build-5.14.21-150500.55.39.1, kernel-obs-qa-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-syms-5.14.21-150500.55.39.1, kernel-obs-build-5.14.21-150500.55.39.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1