CVE-2023-33952 Information

Description

A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.

Reference

https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292 https://access.redhat.com/security/cve/CVE-2023-33952 https://bugzilla.redhat.com/show_bug.cgi?id=2218212