AZL-27638

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27638.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-27638

Upstream

CVE-2023-33952

Published

2023-07-24T16:15:11Z

Modified

2026-04-01T05:09:19.611230Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-33952 affecting package hyperv-daemons for versions less than 5.15.158.1-1

Details

A double-free vulnerability was found in handling vmwbufferobject objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-33952

Affected packages

Azure Linux:2 / hyperv-daemons

Package

Name: hyperv-daemons
Purl: pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.158.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27638.json"