Bug 2118714 (CVE-2022-31676)
Summary: | CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | amielnic, angelo.alvarez, boyang, cavery, cfeng, dbodnarc, ddepaula, eterrell, gveitmic, jburrell, jen, jentrena, jferlan, jsavanyo, jwolfe, kyoshida, ldu, leiwang, mrezanin, negativo17, pdwyer, ravindrakumar, rjones, sameer_ghogre, sbalasub, security-response-team, timo.alatalo, villapla, virt-maint, vkumar, yacao |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | open-vm-tools 12.1.0 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in open-vm-tools. A malicious actor with local non-administrative access to the guest operating system can escalate privileges as a root user in the virtual machine. |
Last Closed: | 2022-09-29 10:29:16 UTC | Type: | --- |
Bug Depends On: | 2119281, 2119282, 2119283, 2119284, 2119285, 2119286, 2119310, 2119311, 2120976 | ||
Bug Blocks: | 2118716 |
Description
Marian Rehak
2022-08-16 14:05:08 UTC
marking OSD affected/fix for _presence_ of code, although these services do not _use_ said code

Created open-vm-tools tracking bugs for this issue:
Affects: fedora-all [bug 2120976]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Via RHSA-2022:6354 https://access.redhat.com/errata/RHSA-2022:6354

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2022:6355 https://access.redhat.com/errata/RHSA-2022:6355

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:6358 https://access.redhat.com/errata/RHSA-2022:6358

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:6357 https://access.redhat.com/errata/RHSA-2022:6357

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:6356 https://access.redhat.com/errata/RHSA-2022:6356

Is there an ETA for the updated open-vm-tools RPM for RHEL 7?

Hi, RHEL7.9's engineering work for the fix is ready, production team is delivering the fix, I think it will be published soon, thanks for your patience!

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2022:6381 https://access.redhat.com/errata/RHSA-2022:6381

All the BZs related to this bug are already all closed with their errata (2119281 2119282 2119283 2119284 2119285 2119286 2119310 2119311 2120976). Nothing else to do on this BZ. If this is not correct, please reopen it.