Headline
RHSA-2022:6358: Red Hat Security Advisory: open-vm-tools security update
An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-09-06
Updated:
2022-09-06
RHSA-2022:6358 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: open-vm-tools security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.
Security Fix(es):
- open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
Fixes
- BZ - 2118714 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine
Red Hat Enterprise Linux for x86_64 9
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
x86_64
open-vm-tools-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: fe2dce0ac4a4eab3904916f384e32ab1bfe8065fc5e657ef4f00f0dbf5996863
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: a69fdd7582e9293bf8ca5879ac630c921dcb6709f4cdf4d07ececbb8d7524e7c
open-vm-tools-debugsource-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 7770d223e8cf61dd8d539f6c22290ca59a09e9b003150e4bd7e6ffa174531ba7
open-vm-tools-desktop-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 0cb204cc8d9a06ed121da60e2c3b02311fa22a520561e928e57dccd5d8e6939d
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 502030a4f1a10f93da363d70f23de03e04fe946a33f6cc43d71342fb9b87655c
open-vm-tools-sdmp-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: ab46830db792fc4e34933201e78791cb651d495df1ff8b9fe7a23f0f2a9180ac
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: baf9c931efacc74f78c25bea64a26dedf088b94543fe4b875b0ff5c34bb4b6ee
open-vm-tools-test-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: e67fccd047d462de395a8695cde4d60233a10188fd37cd9bac03effcd2970dbc
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 57ecd016f0949b3b5f5dc70472f5a6ab9b7db0dea62828a1076da194d6e0b741
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
x86_64
open-vm-tools-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: fe2dce0ac4a4eab3904916f384e32ab1bfe8065fc5e657ef4f00f0dbf5996863
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: a69fdd7582e9293bf8ca5879ac630c921dcb6709f4cdf4d07ececbb8d7524e7c
open-vm-tools-debugsource-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 7770d223e8cf61dd8d539f6c22290ca59a09e9b003150e4bd7e6ffa174531ba7
open-vm-tools-desktop-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 0cb204cc8d9a06ed121da60e2c3b02311fa22a520561e928e57dccd5d8e6939d
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 502030a4f1a10f93da363d70f23de03e04fe946a33f6cc43d71342fb9b87655c
open-vm-tools-sdmp-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: ab46830db792fc4e34933201e78791cb651d495df1ff8b9fe7a23f0f2a9180ac
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: baf9c931efacc74f78c25bea64a26dedf088b94543fe4b875b0ff5c34bb4b6ee
open-vm-tools-test-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: e67fccd047d462de395a8695cde4d60233a10188fd37cd9bac03effcd2970dbc
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 57ecd016f0949b3b5f5dc70472f5a6ab9b7db0dea62828a1076da194d6e0b741
Red Hat Enterprise Linux for ARM 64 9
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
aarch64
open-vm-tools-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: c136eeca138dd74f29c3958f8ee914c7bf1a4ccd263e502d3a111d43e23cc1ad
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: b0ff0e33d8e6df733270e9f6bc2d799bae7c7eac22528c911b0b530565d3c7ff
open-vm-tools-debugsource-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 0a131959cfe3862937a3dcb356172e27f04d484ee618c25ff3f719ce0664b1e8
open-vm-tools-desktop-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 946f927204c70cfdec5c0bf626a23d1bd9cc7cab41fdb4d816308d72b3929b46
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 8a21773847dcb3a55f22f6b4c1203e17990307622ceeb9fe86d39aa43ee40dca
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 58db197c9c4c665786c17f248ba8f119f9ff3dd56887debb86d87b7a359d3cca
open-vm-tools-test-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: af6fd793eddd170844d5bd49354dc7218e27b1bf2d1b569c89210b3069ae87ae
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 7261e9ab97dcf1a4a641de8969493cb4f1d91f9eda1b2efbda9ea3018a1f37d1
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
aarch64
open-vm-tools-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: c136eeca138dd74f29c3958f8ee914c7bf1a4ccd263e502d3a111d43e23cc1ad
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: b0ff0e33d8e6df733270e9f6bc2d799bae7c7eac22528c911b0b530565d3c7ff
open-vm-tools-debugsource-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 0a131959cfe3862937a3dcb356172e27f04d484ee618c25ff3f719ce0664b1e8
open-vm-tools-desktop-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 946f927204c70cfdec5c0bf626a23d1bd9cc7cab41fdb4d816308d72b3929b46
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 8a21773847dcb3a55f22f6b4c1203e17990307622ceeb9fe86d39aa43ee40dca
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 58db197c9c4c665786c17f248ba8f119f9ff3dd56887debb86d87b7a359d3cca
open-vm-tools-test-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: af6fd793eddd170844d5bd49354dc7218e27b1bf2d1b569c89210b3069ae87ae
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 7261e9ab97dcf1a4a641de8969493cb4f1d91f9eda1b2efbda9ea3018a1f37d1
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
x86_64
open-vm-tools-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: fe2dce0ac4a4eab3904916f384e32ab1bfe8065fc5e657ef4f00f0dbf5996863
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: a69fdd7582e9293bf8ca5879ac630c921dcb6709f4cdf4d07ececbb8d7524e7c
open-vm-tools-debugsource-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 7770d223e8cf61dd8d539f6c22290ca59a09e9b003150e4bd7e6ffa174531ba7
open-vm-tools-desktop-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 0cb204cc8d9a06ed121da60e2c3b02311fa22a520561e928e57dccd5d8e6939d
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 502030a4f1a10f93da363d70f23de03e04fe946a33f6cc43d71342fb9b87655c
open-vm-tools-sdmp-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: ab46830db792fc4e34933201e78791cb651d495df1ff8b9fe7a23f0f2a9180ac
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: baf9c931efacc74f78c25bea64a26dedf088b94543fe4b875b0ff5c34bb4b6ee
open-vm-tools-test-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: e67fccd047d462de395a8695cde4d60233a10188fd37cd9bac03effcd2970dbc
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.x86_64.rpm
SHA-256: 57ecd016f0949b3b5f5dc70472f5a6ab9b7db0dea62828a1076da194d6e0b741
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
open-vm-tools-11.3.5-1.el9_0.1.src.rpm
SHA-256: ad8022ae60616154dab775c9c30de3076d65162c55e6c12a03102a86e52fffff
aarch64
open-vm-tools-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: c136eeca138dd74f29c3958f8ee914c7bf1a4ccd263e502d3a111d43e23cc1ad
open-vm-tools-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: b0ff0e33d8e6df733270e9f6bc2d799bae7c7eac22528c911b0b530565d3c7ff
open-vm-tools-debugsource-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 0a131959cfe3862937a3dcb356172e27f04d484ee618c25ff3f719ce0664b1e8
open-vm-tools-desktop-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 946f927204c70cfdec5c0bf626a23d1bd9cc7cab41fdb4d816308d72b3929b46
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 8a21773847dcb3a55f22f6b4c1203e17990307622ceeb9fe86d39aa43ee40dca
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 58db197c9c4c665786c17f248ba8f119f9ff3dd56887debb86d87b7a359d3cca
open-vm-tools-test-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: af6fd793eddd170844d5bd49354dc7218e27b1bf2d1b569c89210b3069ae87ae
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.1.aarch64.rpm
SHA-256: 7261e9ab97dcf1a4a641de8969493cb4f1d91f9eda1b2efbda9ea3018a1f37d1
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
Gentoo Linux Security Advisory 202210-27 - A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation. Versions less than 12.1.0 are affected.
Red Hat Security Advisory 2022-6381-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-6354-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-6355-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.
An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
Ubuntu Security Notice 5578-2 - USN-5578-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine.
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
Ubuntu Security Notice 5578-1 - It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine.
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.