The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. CREATE(Triage):(User=admin) CVE-2023-5633 (https://nvd.nist.gov/vuln/detail/CVE-2023-5633)
