PT-2023-3563 · Linux+5 · Linux Kernel+5

Mauro Matteo Cascella

Published

2023-02-14

Updated

2026-02-25

CVE-2023-33952

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description The issue is related to a double-free vulnerability in the handling of vmw buffer object objects in the vmwgfx driver. This vulnerability occurs due to the lack of validation of an object's existence before performing further free operations, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. The vulnerability is associated with a race condition in the vmw user bo lookup() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-415

Related Identifiers

ALSA-2023:7077

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-27638

AZL-27756

BDU:2023-03784

CESA-2023_6901

CESA-2023_7077

CVE-2023-33952

OPENSUSE-SU-2023_2646-1

OPENSUSE-SU-2023_2871-1

OPENSUSE-SU-2023_3116-1

OPENSUSE-SU-2023_3153-1

OPENSUSE-SU-2025_0201-1

OPENSUSE-SU-2025_0229-1

RHSA-2023:6583

RHSA-2023:6901

RHSA-2023:7077

RHSA-2023_6583

RHSA-2023_6901

RHSA-2023_7077

RHSA-2024:1404

RHSA-2024:4823

RHSA-2024:4831

SUSE-SU-2023:2646-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2871-1

SUSE-SU-2023:3116-1

SUSE-SU-2023:3153-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0229-1

SUSE-SU-2025_0201-1

SUSE-SU-2025_0201-2

ZDI-23-708

Affected Products

Alt Linux

Almalinux

Centos

Linux Kernel

Red Hat

Suse

PT-2023-3563 · Linux+5 · Linux Kernel+5

CVE-2023-33952

Weakness Enumeration

Related Identifiers

Affected Products

References · 929