The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLinux Kernel
OSLinux6.66.1.13 – 6.1.75 (bez)6.2 – 6.5.8 (bez)Red Hat Codeready Linux Builder
APPRedhat8.09.0Red Hat Codeready Linux Builder Eus
APPRedhat8.89.29.4Red Hat Codeready Linux Builder For Arm64
APPRedhat8.0_aarch649.0_aarch64Red Hat Codeready Linux Builder For Arm64 Eus
APPRedhat8.8_aarch649.2_aarch649.4_aarch64Red Hat Codeready Linux Builder For IBM Z Systems
APPRedhat9.0_s390xRed Hat Codeready Linux Builder For IBM Z Systems Eus
APPRedhat9.2_s390x9.4_s390xRed Hat Codeready Linux Builder For Power Little Endian
APPRedhat8.0_ppc64le9.0_ppc64leRed Hat Codeready Linux Builder For Power Little Endian Eus
APPRedhat8.8_ppc64le9.2_ppc64le9.4_ppc64leRed Hat Enterprise Linux
OSRedhat8.09.0Red Hat Enterprise Linux Eus
OSRedhat8.89.29.4Red Hat Enterprise Linux For Arm 64
OSRedhat8.0_aarch649.0_aarch64Red Hat Enterprise Linux For Arm 64 Eus
OSRedhat8.8_aarch649.2_aarch649.4_aarch64Red Hat Enterprise Linux For IBM Z Systems
OSRedhat8.0_s390x9.0_s390xRed Hat Enterprise Linux For IBM Z Systems Eus
OSRedhat8.8_s390x9.2_s390x9.4_s390xRed Hat Enterprise Linux For Power Little Endian
OSRedhat8.0_ppc64le9.0_ppc64leRed Hat Enterprise Linux For Power Little Endian Eus
OSRedhat9.2_ppc64le9.4_ppc64leRed Hat Enterprise Linux For Real Time
OSRedhat8.09.0Red Hat Enterprise Linux For Real Time For Nfv
OSRedhat8.09.0Red Hat Enterprise Linux Server Aus
OSRedhat9.29.4Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
OSRedhat8.89.2_ppc64leRed Hat Enterprise Linux Server Tus
OSRedhat8.8
Related vulnerabilities
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...