What is CVE-2023-5633?

CVE-2023-5633 is a high-severity vulnerability in Linux Linux_kernel, classified under CWE-911. CVSS score: 7.8/10. Published 2023-10-23.

How severe is CVE-2023-5633?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2023-5633 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Linux Linux_kernel

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest w…

EPSS: 0.003 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux Linux_kernel — versions 6.6
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:4.18.0-513.11.1.rt7.313.el8_9, 0:4.18.0-513.11.1.el8_9
Red Hat Enterprise Linux 8.8 Extended Update Support — versions 0:4.18.0-477.51.1.el8_8
Red Hat Enterprise Linux 9 — versions 0:5.14.0-362.18.1.el9_3
Red Hat Enterprise Linux 9.2 Extended Update Support — versions 0:5.14.0-284.75.1.el9_2, 0:5.14.0-284.75.1.rt14.360.el9_2
Redhat Codeready_linux_builder — versions 8.0, 9.0
Redhat Codeready_linux_builder_eus — versions 8.8, 9.2, 9.4
Redhat Codeready_linux_builder_for_arm64 — versions 8.0_aarch64, 9.0_aarch64

Weakness classification (CWE)

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Patch, Issue Tracking)

Frequently asked questions

What is CVE-2023-5633?: CVE-2023-5633 is a high-severity vulnerability in Linux Linux_kernel, classified under CWE-911. CVSS score: 7.8/10. Published 2023-10-23.
How severe is CVE-2023-5633?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2023-5633 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.