CVE-2023-33952: 
Linux Kernel vulnerability analysis and mitigation

A double-free vulnerability (CVE-2023-33952) was discovered in the vmwgfx driver in the Linux kernel. The vulnerability was found in the handling of vmwbufferobject objects, stemming from the lack of validating object existence before performing free operations. This vulnerability was reported in May 2023 and affects Linux kernel versions up to 6.3.9 (NVD, ZDI Advisory).

The vulnerability exists within the handling of vmwbufferobject objects in the vmwgfx driver. The core issue results from the lack of proper validation of an object's existence before performing free operations on it. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (Red Hat).

An attacker who successfully exploits this vulnerability can escalate privileges and execute code in the context of the kernel. The attack requires local access and high privileges to exploit, but can lead to complete system compromise through privilege escalation (ZDI Advisory).

The vulnerability has been fixed in Linux kernel 6.4-rc1 through a patch that addresses the validation issues in the vmwgfx driver. Red Hat has released security updates for affected versions through multiple security advisories including RHSA-2023:6583, RHSA-2023:6901, and RHSA-2023:7077 (Red Hat Bugzilla).