CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

Published: Jul 24, 2023
Updated: Aug 3, 2023
CVE: CVE-2023-33951
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWEs:

CWE-362
CWE-667

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	6.3.9.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
redhat / enterprise_linux_for_real_time	8.0	8.0.x
redhat / enterprise_linux_for_real_time_for_nfv	8.0	8.0.x

https://access.redhat.com/errata/RHSA-2023:6583
https://access.redhat.com/errata/RHSA-2023:6901
https://access.redhat.com/errata/RHSA-2023:7077
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831
https://access.redhat.com/security/cve/CVE-2023-33951
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/

Vulnerability Database

289,599

CVE-2023-33951