CVE-2023-5633

7.8 HIGH

📋 TL;DR

CVE-2023-5633 is a use-after-free vulnerability in VMware's 3D acceleration memory handling that allows local unprivileged users within a VMware guest virtual machine to escalate privileges. This affects VMware guests with 3D acceleration enabled. The vulnerability was introduced by previous security patches.

💻 Affected Systems

Products:
  • VMware Workstation
  • VMware Fusion
  • VMware ESXi (with 3D acceleration enabled)
Versions: Versions with CVE-2023-33951 and CVE-2023-33952 fixes applied, prior to CVE-2023-5633 patches
Operating Systems: Linux, Windows, macOS guest VMs
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when 3D acceleration is enabled in VMware guest settings. The vulnerability was introduced by previous security patches.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root/admin within the guest VM, potentially leading to full compromise of the virtual machine and lateral movement to other systems.

🟠 Likely Case

Local privilege escalation within the guest VM, allowing attackers to gain elevated permissions and potentially install malware or access sensitive data.

🟢 If Mitigated

No impact if 3D acceleration is disabled or patches are applied; limited to local attacks within already-compromised guest VMs.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the guest VM, not directly exploitable over the network.
🏢 Internal Only: MEDIUM - While requiring local access, compromised internal users or malware could exploit this to escalate privileges within VMware environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to guest VM and 3D acceleration enabled. The use-after-free condition makes exploitation non-trivial but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: VMware Workstation 17.5.1, VMware Fusion 13.5.1, ESXi updates per vendor advisories

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:0113

Restart Required: Yes

Instructions:

  1. Check current VMware version.
  2. Download appropriate patch from VMware website.
  3. Apply patch following vendor instructions.
  4. Restart affected VMware products and guest VMs.

🔧 Temporary Workarounds

Disable 3D Acceleration (platform: all)

Disable 3D acceleration in VMware guest settings to prevent exploitation.

In VMware settings: VM > Settings > Display > Uncheck 'Accelerate 3D graphics'

🧯 If You Can't Patch

  • Disable 3D acceleration on all VMware guest VMs
  • Implement strict access controls to limit who can access VMware guest VMs

🔍 How to Verify

Check if Vulnerable:

Check VMware version and verify if 3D acceleration is enabled in guest settings. Vulnerable if running affected versions with 3D acceleration enabled.
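
The 3D acceleration check can be scripted across many VMs on a host. The following is an added example, not taken from this page or a vendor advisory; it assumes the 'Accelerate 3D graphics' setting is stored in each VM's .vmx file as the key mks.enable3d, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list .vmx files that still have 3D acceleration enabled.
# Assumption: the GUI checkbox is persisted as the .vmx key mks.enable3d.

# Print the effective (last) value of mks.enable3d, upper-cased.
# Prints nothing when the key is absent. Comment lines are ignored.
vmx_3d_value() {
    grep -v '^[[:space:]]*#' "$1" \
      | tr -d ' \t\r"' \
      | tr '[:lower:]' '[:upper:]' \
      | sed -n 's/^MKS\.ENABLE3D=//p' \
      | tail -n 1
}

# Exit status 0 when the VM config has 3D acceleration enabled.
vmx_3d_enabled() {
    [ "$(vmx_3d_value "$1")" = "TRUE" ]
}

# Print the path of every .vmx under a directory with 3D acceleration on.
scan_vmx_dir() {
    find "$1" -type f -name '*.vmx' -print 2>/dev/null | sort |
    while IFS= read -r f; do
        if vmx_3d_enabled "$f"; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample configs so the script runs offline.
demo_dir=$(mktemp -d)
printf 'displayName = "build-agent"\nmks.enable3D = "TRUE"\n' > "$demo_dir/a.vmx"
printf 'displayName = "db"\nmks.enable3D = "FALSE"\n' > "$demo_dir/b.vmx"
printf 'displayName = "legacy"\n' > "$demo_dir/c.vmx"
scan_vmx_dir "$demo_dir"    # lists only a.vmx
```

Point `scan_vmx_dir` at the directory that holds the host's virtual machines; any path it prints is a VM where the workaround has not yet been applied.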

Check Version:

On host: vmware --version (Linux/macOS) or Help > About VMware Workstation (Windows)

Verify Fix Applied:

Verify VMware product version is patched (Workstation 17.5.1+, Fusion 13.5.1+, ESXi updated) and check that patches are applied.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in guest OS logs
  • VMware tools/service errors related to 3D acceleration

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

Event logs showing privilege escalation from low to high privilege accounts within VMware guest VMs
