Improper Update of Reference Count

CVE-2023-5633

High

7.8/10

Summary

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-911 - Improper Update of Reference Count

The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.

References

Advisory Timeline

Published Oct 23, 2023

Improper Update of Reference Count

CVE-2023-5633

Summary

CWE-911 - Improper Update of Reference Count

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS