A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation.
|Package||app-emulation/open-vm-tools on all architectures|
|Affected versions||< 12.1.0|
|Unaffected versions||>= 12.1.0|
open-vm-tools contains tools for VMware guests.
A pipe accessible to unprivileged users in the VMWare guest does not sufficiently sanitize input.
An unprivileged guest user could achieve root privileges within the guest.
There is no known workaround at this time.
All open-vm-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/open-vm-tools-12.1.0"
October 31, 2022
October 31, 2022: 1