CVE-2023-33951
MEDIUM
Linux Kernel < 6.3.9 - Information Disclosure via vmwgfx Driver Race Condition
Title source: llm
Description
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
References (9)
Core References
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6583
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6901
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7077
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4831
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-33951
Issue Tracking, Patch issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1404
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4823
Scores
CVSS v3
6.7
EPSS
0.0034
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-413
CWE-667
CWE-362
Status
published
Products (5)
linux/linux_kernel
< 6.3.9
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/enterprise_linux_for_real_time
8.0
redhat/enterprise_linux_for_real_time_for_nfv
8.0
Published
Jul 24, 2023
Tracked Since
Feb 18, 2026