CVE-2023-33952 MEDIUM

CVE-2023-33952: Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-415
Published July 24, 2023
Last update February 25, 2026

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

Key dates

02Disclosure timeline

July 24, 2023 CVE published
February 25, 2026 Record updated