Lucene search

PRIOn knowledge basePRION:CVE-2023-34059

HistoryOct 27, 2023 - 5:15 a.m.

Design/Logic Flaw

2023-10-2705:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

vulnerability

vmware-user-suid-wrapper

non-root privileges

input simulation

nvd

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
debian_linuxeq12.0
open_vm_toolsge11.0.0
open_vm_toolsle12.3.0

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
debian_linux	eq	12.0
open_vm_tools	ge	11.0.0
open_vm_tools	le	12.3.0

References

www.openwall.com/lists/oss-security/2023/10/27/2

www.openwall.com/lists/oss-security/2023/10/27/3

www.openwall.com/lists/oss-security/2023/11/26/1

www.openwall.com/lists/oss-security/2023/11/27/1

lists.debian.org/debian-lts-announce/2023/11/msg00002.html

lists.fedoraproject.org/archives/list/[email protected]/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/

lists.fedoraproject.org/archives/list/[email protected]/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/

lists.fedoraproject.org/archives/list/[email protected]/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/

www.debian.org/security/2023/dsa-5543

www.vmware.com/security/advisories/VMSA-2023-0024.html