CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:06

Type Values Removed Values Added
CVSS removed: v2 : unknown, v3 : 5.3; added: v2 : unknown, v3 : 6.7
Summary
  • (es) A race condition vulnerability was found in the vmwgfx driver of the Linux kernel. The flaw exists in the handling of GEM objects. The issue is due to improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
References () https://access.redhat.com/errata/RHSA-2023:6583 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2023:6583 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:6901 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2023:6901 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7077 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2023:7077 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1404 - () https://access.redhat.com/errata/RHSA-2024:1404 -
References () https://access.redhat.com/errata/RHSA-2024:4823 - () https://access.redhat.com/errata/RHSA-2024:4823 -
References () https://access.redhat.com/errata/RHSA-2024:4831 - () https://access.redhat.com/errata/RHSA-2024:4831 -
References () https://access.redhat.com/security/cve/CVE-2023-33951 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-33951 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - Issue Tracking, Patch
References () https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - Third Party Advisory, VDB Entry

24 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4823 -
  • () https://access.redhat.com/errata/RHSA-2024:4831 -

19 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1404 -

28 Dec 2023, 14:39

Type Values Removed Values Added
First Time Redhat enterprise Linux For Real Time
Redhat enterprise Linux For Real Time For Nfv
References () https://access.redhat.com/errata/RHSA-2023:6583 - () https://access.redhat.com/errata/RHSA-2023:6583 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:6901 - () https://access.redhat.com/errata/RHSA-2023:6901 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7077 - () https://access.redhat.com/errata/RHSA-2023:7077 - Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*

14 Nov 2023, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7077 -
  • () https://access.redhat.com/errata/RHSA-2023:6901 -

07 Nov 2023, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:6583 -

02 Aug 2023, 15:12

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
Redhat
Redhat enterprise Linux
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2218195 - Issue Tracking, Patch
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ - Third Party Advisory, VDB Entry
References (MISC) https://access.redhat.com/security/cve/CVE-2023-33951 - (MISC) https://access.redhat.com/security/cve/CVE-2023-33951 - Third Party Advisory
CWE CWE-362
CWE-667
CVSS removed: v2 : unknown, v3 : unknown; added: v2 : unknown, v3 : 5.3
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

24 Jul 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-24 16:15

Updated : 2024-11-21 08:06


NVD link : CVE-2023-33951

Mitre link : CVE-2023-33951

CVE.ORG link : CVE-2023-33951



Products Affected

redhat

  • enterprise_linux_for_real_time_for_nfv
  • enterprise_linux
  • enterprise_linux_for_real_time

linux

  • linux_kernel

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-667

Improper Locking