CVE-2023-33951 — MEDIUM (6.7)

Q: How severe is CVE-2023-33951?

CVE-2023-33951 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-33951?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux For Real Time, Redhat Enterprise Linux For Real Time For Nfv.

Vulnerability Description

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 6.3.9
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux For Real Time	8.0
Redhat	Enterprise Linux For Real Time For Nfv	8.0

Related Weaknesses (CWE)

CWE-362 CWE-667 CWE-413

References

https://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831
https://access.redhat.com/security/cve/CVE-2023-33951Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2218195Issue TrackingPatch
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831

FAQ

What is CVE-2023-33951?

CVE-2023-33951 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operation...

How severe is CVE-2023-33951?

CVE-2023-33951 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-33951?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux For Real Time, Redhat Enterprise Linux For Real Time For Nfv.