Vulnerability Details : CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
Products affected by CVE-2023-33951
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33951
- 0.05%: Probability of exploitation activity in the next 30 days
- ~16%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 0.8 | 4.0 | NIST | |
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L | 1.5 | 4.7 | Red Hat, Inc. | |
CWE ids for CVE-2023-33951
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: secalert@redhat.com (Secondary)
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33951
- https://access.redhat.com/errata/RHSA-2024:4831
  RHSA-2024:4831 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2023:7077
  RHSA-2023:7077 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:6583
  RHSA-2023:6583 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2023-33951
  CVE-2023-33951 - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2218195
  2218195 – (CVE-2023-33951, ZDI-23-707, ZDI-CAN-20110) CVE-2023-33951 kernel: vmwgfx: race condition leading to information disclosure vulnerability (Issue Tracking; Patch)
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/
  ZDI-23-707 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2024:4823
  RHSA-2024:4823 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2023:6901
  RHSA-2023:6901 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:1404
  RHSA-2024:1404 - Security Advisory - Red Hat Customer Portal