The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
5.3.0-18.195.3.0-24.265.4.0-9.126.5.0-9.96.6.0-14.145.13.0-19.195.19.0-1007.7~22.04.15.19.0-1009.9~22.04.15.19.0-1010.10~22.04.15.19.0-1011.11~22.04.15.19.0-1012.12~22.04.15.19.0-1013.13~22.04.15.19.0-1014.14~22.04.15.19.0-1015.15~22.04.16.5.0-1008.86.6.0-1001.15.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.115.4.0-1005.55.13.0-1005.65.0.0-1021.24~18.04.15.0.0-1022.25~18.04.15.0.0-1023.26~18.04.15.0.0-1024.27~18.04.15.0.0-1025.285.0.0-1027.305.11.0-1009.9~20.04.25.11.0-1014.15~20.04.15.11.0-1016.17~20.04.15.11.0-1017.18~20.04.15.11.0-1019.20~20.04.15.11.0-1020.21~20.04.25.11.0-1021.22~20.04.25.11.0-1022.23~20.04.15.11.0-1023.24~20.04.15.11.0-1025.27~20.04.1+2 more5.13.0-1008.9~20.04.25.13.0-1011.12~20.04.15.13.0-1012.13~20.04.15.13.0-1014.15~20.04.15.13.0-1017.19~20.04.15.13.0-1019.21~20.04.15.13.0-1021.23~20.04.25.13.0-1022.24~20.04.15.13.0-1023.25~20.04.15.13.0-1025.27~20.04.1+3 moreExploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H