CVE-2023-5633: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-5633 is a use-after-free vulnerability discovered in the VMware Virtual GPU DRM driver of the Linux kernel. The flaw was exposed by reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes, affecting how memory objects are handled when being used to store a surface. This vulnerability was disclosed on October 23, 2023, and affects Linux kernel versions up to 6.6-rc6 (NVD, Ubuntu).

The vulnerability is a use-after-free flaw in the vmwgfx driver's surface handling mechanism. The issue arose from reference counting problems introduced by previous security fixes. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).

When running inside a VMware guest with 3D acceleration enabled, a local unprivileged user could potentially exploit this vulnerability to escalate their privileges on the system (Red Hat).

The vulnerability has been fixed in Linux kernel version 6.6-rc6. Multiple vendors have released security updates to address this issue, including Red Hat Enterprise Linux through various security advisories (RHSA-2024:0113, RHSA-2024:0134, RHSA-2024:0461, RHSA-2024:1404) (Red Hat).