CVE-2023-33951

CWE-413 CWE-362 — Race Condition CWE-667 CWE-200 — Information Exposure CWE-9118 documents7 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 99.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux FOR Real Time +1 more

Timeline

PublishedJul 24

Latest updateSep 28

Description

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LExploitability: 1.5 | Impact: 4.7

Affected Packages2 packages

▶NVDlinux/linux_kernel6.3.9

▶Debianlinux< 6.1.15-1+2

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

CVE-2023-33951: A race condition vulnerability was found in the vmwgfx driver in the Linux kernel↗2023-07-24

▶

CVEList

Kernel: vmwgfx: race condition leading to information disclosure vulnerability↗2023-07-24

▶

GHSA

GHSA-2764-3pqr-49w6: A race condition vulnerability was found in the vmwgfx driver in the Linux kernel↗2023-07-24

▶

📋Vendor Advisories

Red Hat

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling↗2023-09-28

▶

Microsoft

Kernel: vmwgfx: race condition leading to information disclosure vulnerability↗2023-07-11

▶

Red Hat

kernel: vmwgfx: race condition leading to information disclosure vulnerability↗2023-02-15

▶

Debian

CVE-2023-33951: linux - A race condition vulnerability was found in the vmwgfx driver in the Linux kerne...↗2023

▶