Lucene search

K
amazonAmazonALAS2-2023-2114
HistoryJul 05, 2023 - 10:01 p.m.

Important: open-vm-tools

2023-07-0522:01:00
alas.aws.amazon.com
10
vmware tools
privilege escalation
vulnerability
update
open-vm-tools
packages
security advisory
cve-2022-31676

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0

Percentile

5.1%

Issue Overview:

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. (CVE-2022-31676)

Affected Packages:

open-vm-tools

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update open-vm-tools to update your system.

New Packages:

aarch64:  
    open-vm-tools-12.1.0-4.amzn2.0.2.aarch64  
    open-vm-tools-desktop-12.1.0-4.amzn2.0.2.aarch64  
    open-vm-tools-sdmp-12.1.0-4.amzn2.0.2.aarch64  
    open-vm-tools-devel-12.1.0-4.amzn2.0.2.aarch64  
    open-vm-tools-test-12.1.0-4.amzn2.0.2.aarch64  
    open-vm-tools-debuginfo-12.1.0-4.amzn2.0.2.aarch64  
  
src:  
    open-vm-tools-12.1.0-4.amzn2.0.2.src  
  
x86_64:  
    open-vm-tools-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-desktop-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-sdmp-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-salt-minion-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-devel-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-test-12.1.0-4.amzn2.0.2.x86_64  
    open-vm-tools-debuginfo-12.1.0-4.amzn2.0.2.x86_64  

Additional References

Red Hat: CVE-2022-31676

Mitre: CVE-2022-31676

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0

Percentile

5.1%