2022-08-23 (Initial Advisory)
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
1. Impacted Products
- VMware Tools
VMware Tools was impacted by a local privilege escalation vulnerability. Updates are available to remediate this vulnerability in affected VMware products.
3. Local privilege escalation vulnerability (CVE-2022-31676)
Known Attack Vectors
A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
To remediate CVE-2022-31676 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware Tools 10.3.25 only applies to the older Linux releases.
|Product||Version||Running On||CVE Identifier||CVSSv3||Severity||Fixed Version||Workarounds||Additional Documentation|
Fixed Version(s) and Release Notes:
VMware Tools 12.1.0
Downloads and Documentation:
VMware Tools 10.3.25
Mitre CVE Dictionary Links:
FIRST CVSSv3 Calculator:
5. Change Log
Initial security advisory.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
PGP key at:
VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2022 VMware Inc. All rights reserved.
All content and images belong to their respected owners, this article is curated for informational purposes only.