A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L |
| CAPEC ID | Description |
|---|
This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
| Event | Date |
|---|---|
| Reported to Red Hat. | 2023-06-28 00:00:00 |
| Made public. | 2023-02-15 00:00:00 |
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-33951 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2218195 | issue-tracking x_refsource_REDHAT |
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ | N/A |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/security/cve/CVE-2023-33951 | vdb-entry x_refsource_REDHAT x_transferred |
| https://bugzilla.redhat.com/show_bug.cgi?id=2218195 | issue-tracking x_refsource_REDHAT x_transferred |
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ | x_transferred |