Lucene search

K
cvelistVmwareCVELIST:CVE-2022-22942
HistoryDec 13, 2023 - 8:16 a.m.

CVE-2022-22942

2023-12-1308:16:34
vmware
www.cve.org
vmwgfx driver vulnerability
local privilege escalation
unprivileged users
file pointer vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.4%

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling β€˜file’ pointer.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Photon OS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.0, 4.0"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.4%