CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*

History

24 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4823 -
  • () https://access.redhat.com/errata/RHSA-2024:4831 -

19 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1404 -

28 Dec 2023, 14:39

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*
First Time Redhat enterprise Linux For Real Time
Redhat enterprise Linux For Real Time For Nfv
References () https://access.redhat.com/errata/RHSA-2023:6583 - () https://access.redhat.com/errata/RHSA-2023:6583 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:6901 - () https://access.redhat.com/errata/RHSA-2023:6901 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7077 - () https://access.redhat.com/errata/RHSA-2023:7077 - Third Party Advisory

14 Nov 2023, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7077 -
  • () https://access.redhat.com/errata/RHSA-2023:6901 -

07 Nov 2023, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:6583 -

02 Aug 2023, 15:12

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
Redhat
Redhat enterprise Linux
CWE CWE-362
CWE-667
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - Issue Tracking, Patch
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - Third Party Advisory, VDB Entry
References (MISC) https://access.redhat.com/security/cve/CVE-2023-33951 - (MISC) https://access.redhat.com/security/cve/CVE-2023-33951 - Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

24 Jul 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-24 16:15

Updated : 2024-07-24 16:15


NVD link : CVE-2023-33951

Mitre link : CVE-2023-33951

CVE.ORG link : CVE-2023-33951


JSON object : View

Products Affected

linux

  • linux_kernel

redhat

  • enterprise_linux_for_real_time_for_nfv
  • enterprise_linux
  • enterprise_linux_for_real_time
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-667

Improper Locking

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor