CVE-2023-33951
Kernel: vmwgfx: race condition leading to information disclosure vulnerability
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Affected products
Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2023:6583https://access.redhat.com/errata/RHSA-2023:6901https://access.redhat.com/errata/RHSA-2023:7077https://access.redhat.com/errata/RHSA-2024:1404https://access.redhat.com/errata/RHSA-2024:4823https://access.redhat.com/errata/RHSA-2024:4831https://access.redhat.com/security/cve/CVE-2023-33951https://bugzilla.redhat.com/show_bug.cgi?id=2218195https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/