Bug 7870 - [Anolis OS 8] Bugfix for CVE-2023-5633
Summary: [Anolis OS 8] Bugfix for CVE-2023-5633
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages
Version: 8.6
Hardware: All Linux
Importance: P2-High S2-major
Target Milestone: ---
Assignee: ljubomir
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2024-01-11 10:29 UTC by 小龙
Modified: 2024-01-12 13:55 UTC

Description 小龙 admin 2024-01-11 10:29:14 UTC
Description:
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Broken commit info:
https://git.kernel.org/linus/a950b989ea29ab3b38ea7f6e3d2540700a3c54e8

Bugfix commit info:
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
https://access.redhat.com/security/cve/CVE-2023-5633
https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1474b39f961703d0bb33833a6d6b112826839781
https://github.com/torvalds/linux/commit/91398b413d03660fd5828f7b4abc64e884b98069