VMware Tools update fixes local privilege escalation vulnerability (CVE-2022-31676)

VMware has released a security update for VMware Tools that fixes a local privilege escalation vulnerability.

According to the VMware update VMSA-2022-0024, the local privilege escalation vulnerability (CVE-2022-31676) could allow “a malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.”

VMware has rated the vulnerability ‘Important’ and a CVSS score of 7.0.

VMware recommends upgrading to the following fixed versions:

  • VMware Tools 12.1.0 for Windows (from 12.x.y, 11.x.y and 10.x.y).
  • VMware Tools 12.1.0 for Linux (from 12.x.y, 11.x.y).
  • VMware Tools 10.3.25 for Linux (from 10.x.y).

Readers can check out the latest details for CVE-2022-31676 and VMware Security Advisories.

Related Articles