{"api_version":"1","generated_at":"2026-04-22T23:53:06+00:00","cve":"CVE-2023-33951","urls":{"html":"https://cve.report/CVE-2023-33951","api":"https://cve.report/api/cve/CVE-2023-33951.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-33951","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-33951"},"summary":{"title":"CVE-2023-33951","description":"A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-07-24 16:15:00","updated_at":"2023-11-14 21:15:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6583","name":"RHSA-2023:6583","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:6901","name":"RHSA-2023:6901","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/","name":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/","refsource":"MISC","tags":[],"title":"ZDI-23-707 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218195","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2218195","refsource":"MISC","tags":[],"title":"2218195 – (CVE-2023-33951, ZDI-23-707, ZDI-CAN-20110) CVE-2023-33951 kernel: vmwgfx: race condition leading to information disclosure vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-33951","name":"https://access.redhat.com/security/cve/CVE-2023-33951","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7077","name":"RHSA-2023:7077","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-33951","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33951","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"33951","vulnerable":"1","versionEndIncluding":"6.3.9","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-33951","qid":"161066","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)"},{"cve":"CVE-2023-33951","qid":"161147","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)"},{"cve":"CVE-2023-33951","qid":"242399","title":"Red Hat Update for kernel security (RHSA-2023:6583)"},{"cve":"CVE-2023-33951","qid":"242434","title":"Red Hat Update for kernel-rt security (RHSA-2023:6901)"},{"cve":"CVE-2023-33951","qid":"242451","title":"Red Hat Update for kernel security (RHSA-2023:7077)"},{"cve":"CVE-2023-33951","qid":"243087","title":"Red Hat Update for kernel (RHSA-2024:1404)"},{"cve":"CVE-2023-33951","qid":"755851","title":"SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)"},{"cve":"CVE-2023-33951","qid":"907527","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27761-1)"},{"cve":"CVE-2023-33951","qid":"941453","title":"AlmaLinux Security Update for kernel (ALSA-2023:7077)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-33951","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.4-rc1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:5.14.0-362.8.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:5.14.0-362.8.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/errata/RHSA-2023:6583","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:6583"},{"url":"https://access.redhat.com/security/cve/CVE-2023-33951","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-33951"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218195","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2218195"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/","refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/"}]},"work_around":[{"lang":"en","value":"This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-07-24 16:15:00","lastModifiedDate":"2023-11-14 21:15:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"6.3.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}