The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
{ "binaries": [ { "binary_name": "linux-aws-6.5-cloud-tools-6.5.0-1010", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-aws-6.5-headers-6.5.0-1010", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-aws-6.5-tools-6.5.0-1010", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-buildinfo-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-cloud-tools-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1010-aws-dbgsym", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1010-aws", "binary_version": "6.5.0-1010.10~22.04.1" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-azure-6.5-cloud-tools-6.5.0-1009", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-azure-6.5-headers-6.5.0-1009", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-azure-6.5-tools-6.5.0-1009", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-buildinfo-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-cloud-tools-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1009-azure-dbgsym", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1009-azure", "binary_version": "6.5.0-1009.9~22.04.1" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-buildinfo-6.5.0-1007-nvidia-64k", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-headers-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-headers-6.5.0-1007-nvidia-64k", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-image-unsigned-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-image-unsigned-6.5.0-1007-nvidia-64k", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-image-unsigned-6.5.0-1007-nvidia-64k-dbgsym", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-image-unsigned-6.5.0-1007-nvidia-dbgsym", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-6.5.0-1007-nvidia-64k", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-extra-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-ipu6-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-ivsc-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-nvidia-6.5-headers-6.5.0-1007", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-nvidia-6.5-tools-6.5.0-1007", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-nvidia-6.5-tools-host", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-tools-6.5.0-1007-nvidia", "binary_version": "6.5.0-1007.7" }, { "binary_name": "linux-tools-6.5.0-1007-nvidia-64k", "binary_version": "6.5.0-1007.7" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-headers-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-image-unsigned-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-image-unsigned-6.1.0-1035-oem-dbgsym", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-modules-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-modules-ipu6-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-modules-ivsc-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-modules-iwlwifi-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-oem-6.1-headers-6.1.0-1035", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-oem-6.1-tools-6.1.0-1035", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-oem-6.1-tools-host", "binary_version": "6.1.0-1035.35" }, { "binary_name": "linux-tools-6.1.0-1035-oem", "binary_version": "6.1.0-1035.35" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-headers-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-image-unsigned-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-image-unsigned-6.5.0-1008-oem-dbgsym", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-modules-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-modules-ipu6-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-modules-ivsc-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-oem-6.5-headers-6.5.0-1008", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-oem-6.5-lib-rust-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-oem-6.5-tools-6.5.0-1008", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-oem-6.5-tools-host", "binary_version": "6.5.0-1008.8" }, { "binary_name": "linux-tools-6.5.0-1008-oem", "binary_version": "6.5.0-1008.8" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.7.0-1001-raspi", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-headers-6.7.0-1001-raspi", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-image-6.7.0-1001-raspi", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-image-6.7.0-1001-raspi-dbgsym", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-modules-6.7.0-1001-raspi", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-raspi-headers-6.7.0-1001", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-raspi-tools-6.7.0-1001", "binary_version": "6.7.0-1001.1" }, { "binary_name": "linux-tools-6.7.0-1001-raspi", "binary_version": "6.7.0-1001.1" } ], "priority_reason": "Local user with access to drm devices (video or render groups) can escalate privileges.", "availability": "No subscription required" }