Vulnerability CVE-2022-31676: Information

Description

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-31676
Published: Aug. 23, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-269

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
open-vm-toolsc9f212.1.0-alt0.c9.112.3.5-alt0.c9.1ALT-PU-2022-2579-1306079Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
  • Release Notes
  • Vendor Advisory
[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676)
  • Mailing List
  • Patch
  • Release Notes
  • Third Party Advisory
DSA-5215
  • Third Party Advisory
[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20221017-0003/
  • Third Party Advisory
GLSA-202210-27
  • Third Party Advisory
FEDORA-2022-cd23eac6f4
    FEDORA-2022-1b8d3b2845
      FEDORA-2022-1c9c0bacaf

          1. Configuration 1

            cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*
            Running on/with:
            cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

            Configuration 2

            cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*
            cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*
            Running on/with:
            cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

            Configuration 3

            cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
            cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

            Configuration 5

            cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top