CVE-2023-33951 MEDIUM

CVE-2023-33951: Kernel: vmwgfx: race condition leading to information disclosure vulnerability

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-413
Published July 24, 2023
Last update February 18, 2026

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

Key dates

02Disclosure timeline

July 24, 2023 CVE published
February 18, 2026 Record updated