CVE-2022-31676

Publication date 23 August 2022

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.0 · High

Score breakdown

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Read the notes from the security team

Status

Package Ubuntu Release Status
open-vm-tools 22.10 kinetic
Not affected
22.04 LTS jammy
Fixed 2:11.3.5-1ubuntu4.1
20.04 LTS focal
Fixed 2:11.3.0-2ubuntu0~ubuntu20.04.3
18.04 LTS bionic
Fixed 2:11.0.5-4ubuntu0.18.04.2
16.04 LTS xenial
14.04 LTS trusty
Not affected

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

alexmurray

Patch in email with Message-ID <BYAPR05MB634348FE28845A7AF442BE28B9649@BYAPR05MB6343.namprd05.prod.outlook.com>

Severity score breakdown

Parameter Value
Base score 7.0 · High
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-5578-1
    • Open VM Tools vulnerability
    • 24 August 2022
    • USN-5578-2
    • Open VM Tools vulnerability
    • 24 August 2022

Other references