Vulnerability CVE-2022-31676: Information
Description
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
open-vm-tools | c9f2 | 12.1.0-alt0.c9.1 | 12.3.5-alt0.c9.1 | ALT-PU-2022-2579-1 | 306079 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2022-0024.html |
|
[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676) |
|
DSA-5215 |
|
[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update |
|
https://security.netapp.com/advisory/ntap-20221017-0003/ |
|
GLSA-202210-27 |
|
FEDORA-2022-cd23eac6f4 | |
FEDORA-2022-1b8d3b2845 | |
FEDORA-2022-1c9c0bacaf |