Use-After-Free Vulnerability in VMware Guest with 3D Acceleration (CVE-2023-33951 and CVE-2023-33952)

Use-After-Free Vulnerability in VMware Guest with 3D Acceleration (CVE-2023-33951 and CVE-2023-33952)

CVE-2023-5633 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Learn more about our Cis Benchmark Audit For Vmware.