1. Home
  2. Vulnerabilities
  3. CVE-2023-33951

CVE-2023-33951

CVSS v3.1 5.3 (Medium)
53% Progress
EPSS 0.04 % (17th)
0.04% Progress
Affected Products 4
Advisories 8
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-667
Improper Locking
Related CVEs
CVE Status
PUBLISHED
NVD Status
Modified
CNA
Red Hat, Inc.
Published Date
2023-07-24 16:15:11
(14 months ago)
Updated Date
2024-07-24 16:15:05
(7 weeks ago)

Affected Products

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel 6.3.9 and prior versions cpe:2.3:o:linux:linux_kernel <= 6.3.9

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux 9.0 cpe:2.3:o:redhat:enterprise_linux:9.0
  Redhat Enterprise Linux for Real Time 8.0 cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0
  Redhat Enterprise Linux for Real Time For Nfv 8.0 cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0