CVE-2023-33952

Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects

CVSS 6.7 MEDIUMEPSS 0.5%CWE-415

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

24 jul 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33952 https://bugzilla.redhat.com/show_bug.cgi?id=2218212 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292