Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2023-52648)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52648 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface...

CVE-2023-5633 Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVE-2023-33952

A double-free vulnerability was found in handling vmwbufferobject objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to...

kernel: vmwgfx: out-of-bounds write in vmw_kms_cursor_snoop

An out-of-bounds memory write vulnerability was found in the Linux kernel's vmwgfx driver in vmwkmscursorsnoop due to a missing check of a memcpy length. This flaw allows a local, unprivileged attacker with access to either the /dev/dri/card0 or /dev/dri/rendererD128 and able to issue an ioctl on...