Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-33952

Published: October 18, 2023Last modified: October 18, 2023

Description

A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.

Severity score breakdown

ParameterValue
Base score6.7
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredHIGH
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamlinux-ltsFixed (6.1.78-r0)

References

ON THIS PAGE