Use After Free Affecting rtla package, versions <0:5.14.0-362.18.1.el9_3
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE9-RTLA-6418631
- published 8 Mar 2024
- disclosed 23 Oct 2023
Introduced: 23 Oct 2023
CVE-2023-5633 Open this link in a new tabHow to fix?
Upgrade Oracle:9 rtla to version 0:5.14.0-362.18.1.el9_3 or higher.
This issue was patched in ELSA-2024-0461.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rtla package and not the rtla package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
References
- https://linux.oracle.com/cve/CVE-2023-5633.html
- https://linux.oracle.com/errata/ELSA-2024-0461.html
- https://access.redhat.com/security/cve/CVE-2023-5633
- https://bugzilla.redhat.com/show_bug.cgi?id=2245663
- https://access.redhat.com/errata/RHSA-2024:0113
- https://access.redhat.com/errata/RHSA-2024:0134
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:1404
- https://access.redhat.com/errata/RHSA-2024:4823
- https://access.redhat.com/errata/RHSA-2024:4831