CVE-2023-33952
Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
0th
A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.
| CWE | CWE-415 |
| Vendor | red hat |
| Product | red hat enterprise linux 8 |
| Published | Jul 24, 2023 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 8
Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 8 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6583 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6901 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7077 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1404 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4823 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4831 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-33952 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2218212 zerodayinitiative.com: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292