
CVE-2023-33951

Kernel: vmwgfx: race condition leading to information disclosure vulnerability

Published: 7/24/2023 Last updated: 11/15/2024 Reserved: 5/24/2023

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
| --- | --- | --- | --- |
| 3.1 | 6.7 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L |

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (11)

| Product | Vendor | Version |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | Red Hat | 6.0.2 |
| Red Hat Enterprise Linux 7 | Red Hat | < 10.14 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | 3.1_DP14 |
| Red Hat Enterprise Linux 9 | Red Hat | 1.4.1 |
| Red Hat Enterprise Linux 9 | Red Hat | 3.1_DP11 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | < 131.0.1 |
| Red Hat Enterprise Linux 8 | Red Hat | 5.0 |
| Red Hat Enterprise Linux 9 | Red Hat | 3.7.1 Update 03 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | 3.1_DP8 |
| Red Hat Enterprise Linux 7 | Red Hat | 6.0.4 |
| Red Hat Enterprise Linux 8 | Red Hat | 3.3_DP1 |

References (18)