#VU70156 Out-of-bounds write in VMware ESXi - CVE-2022-31705
Published: December 13, 2022 / Updated: January 9, 2023
VMware ESXi
VMware, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the USB 2.0 controller (EHCI). A local privileged user on the guest OS can trigger an out-of-bounds write and execute arbitrary code as the virtual machine's VMX process running on the host.
Remediation
Install updates from the vendor's website.
Note: on ESXi, exploitation is contained within the VMX sandbox.