CVE-2023-33952 — MEDIUM (6.7)

Q: How severe is CVE-2023-33952?

CVE-2023-33952 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-33952?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux For Real Time, Redhat Enterprise Linux For Real Time For Nfv.

Vulnerability Description

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 6.3.9
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux For Real Time	8.0
Redhat	Enterprise Linux For Real Time For Nfv	8.0

Related Weaknesses (CWE)

CWE-415

References

https://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831
https://access.redhat.com/security/cve/CVE-2023-33952Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2218212Issue TrackingPatchThird Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292PatchThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831

FAQ

What is CVE-2023-33952?

CVE-2023-33952 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior t...

How severe is CVE-2023-33952?

CVE-2023-33952 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-33952?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux For Real Time, Redhat Enterprise Linux For Real Time For Nfv.