Home > Vulnerability Database > CVE-2023-33952

Mend.io Vulnerability Database

CVE-2023-33952

Good to know:

Date: July 24, 2023

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

Language: C

Severity Score

6.7

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33952

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2218212

Url: https://access.redhat.com/errata/RHSA-2023:6901

Url: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292

Url: https://access.redhat.com/errata/RHSA-2023:7077

Url: https://access.redhat.com/security/cve/CVE-2023-33952

Url: https://access.redhat.com/errata/RHSA-2023:6583

Url: https://www.mend.io/vulnerability-database/CVE-2023-33952

Severity Score

6.7

Weakness Type (CWE)

Double Free

CWE-415

Top Fix

Upgrade Version

Upgrade to version v6.1.13,v6.2,v6.3-rc1,v6.4-rc1

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33952

Good to know:

Date: July 24, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?