PT-2023-3563 · Linux+5 · Linux Kernel+5

Mauro Matteo Cascella

·

Publicado

2023-02-14

·

Atualizado

2026-02-25

·

CVE-2023-33952

CVSS v3.1

6.7

Média

VetorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description The issue is related to a double-free vulnerability in the handling of vmw buffer object objects in the vmwgfx driver. This vulnerability occurs due to the lack of validation of an object's existence before performing further free operations, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. The vulnerability is associated with a race condition in the vmw user bo lookup() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-415

Identificadores relacionados

ALSA-2023:7077
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27638
AZL-27756
BDU:2023-03784
CESA-2023_6901
CESA-2023_7077
CVE-2023-33952
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_3116-1
OPENSUSE-SU-2023_3153-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
RHSA-2023:6583
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:1404
RHSA-2024:4823
RHSA-2024:4831
SUSE-SU-2023:2646-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:3116-1
SUSE-SU-2023:3153-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
ZDI-23-708

Produtos afetados

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse