CVE-2021-31693: VMSA-2022-0029

Advisory ID: VMSA-2022-0029

CVSSv3 Range: 3.3

Issue Date: 2022-11-29

Updated On: 2022-11-29 (Initial Advisory)

CVE(s): CVE-2022-31693

Synopsis: VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-31693)

****1. Impacted Products****

• VMware Tools for Windows

****2. Introduction****

A denial-of-service vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

****3. VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-31693)****

VMware Tools for Windows contains a denial-of-service vulnerability in the VM3DMP driver. VMware has evaluated the severity of this issue to be in the Low Severity Range with a maximum CVSSv3 base score of 3.3.

A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

To remediate CVE-2022-31693 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank Sergey Kornienko and Wei Lei of PixiePoint Security for reporting this vulnerability to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Tools for Windows

12.x.y, 11.x.y and 10.x.y

Windows

CVE-2022-31693

3.3

low

12.1.5

None

None

****4. References****

****5. Change Log****

**2022-11-29 VMSA-2022-0029
**Initial security advisory.

****6. Contact****