fkie_cve-2023-33951
Vulnerability from fkie_nvd
Published
2023-07-24 16:15
Modified
2024-11-21 08:06
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1404
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:4823
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:4831
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-33951Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2218195Issue Tracking, Patch
secalert@redhat.comhttps://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:6583Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:6901Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7077Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1404
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:4823
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:4831
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-33951Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2218195Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
linux linux_kernel *
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_for_real_time 8.0
redhat enterprise_linux_for_real_time_for_nfv 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D",
              "versionEndIncluding": "6.3.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5487EF77-D23A-4CC0-851C-E330B4485D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "782C86CD-1B68-410A-A096-E5170AD24DA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en el controlador vmwgfx del kernel de Linux. El fallo existe en el manejo de objetos GEM. El problema se debe a un bloqueo inadecuado al realizar operaciones en un objeto. Este fallo permite que un usuario local privilegiado revele informaci\u00f3n en el contexto del kernel."
    }
  ],
  "id": "CVE-2023-33951",
  "lastModified": "2024-11-21T08:06:16.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.7,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T16:15:11.820",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:6583"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:6901"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1404"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:4823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:4831"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-33951"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:6583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:6901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:4823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:4831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-33951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.