Security
Security
A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation.
| Package | app-emulation/open-vm-tools on all architectures |
|---|---|
| Affected versions | < 12.1.0 |
| Unaffected versions | >= 12.1.0 |
open-vm-tools contains tools for VMware guests.
A pipe accessible to unprivileged users in the VMWare guest does not sufficiently sanitize input.
An unprivileged guest user could achieve root privileges within the guest.
There is no known workaround at this time.
All open-vm-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/open-vm-tools-12.1.0"
Release date
October 31, 2022
Latest revision
October 31, 2022: 1
Severity
high
Exploitable
remote
Bugzilla entries