VMware has released a security update for VMware Tools that fixes a local privilege escalation vulnerability.
According to the VMware update VMSA-2022-0024, the local privilege escalation vulnerability (CVE-2022-31676) could allow “a malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.”
VMware has rated the vulnerability ‘Important’ and a CVSS score of 7.0.
VMware recommends upgrading to the following fixed versions:
- VMware Tools 12.1.0 for Windows (from 12.x.y, 11.x.y and 10.x.y).
- VMware Tools 12.1.0 for Linux (from 12.x.y, 11.x.y).
- VMware Tools 10.3.25 for Linux (from 10.x.y).