CVE-2022-31696

8.8 HIGH

Key Information:

Vendor: VMware
CVE Published: 13 December 2022

Summary

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

Affected Version(s)

VMware ESXi, VMware Cloud Foundation: VMware ESXi (7.0 prior to ESXi70U3si-20841705, 6.7 prior to ESXi670-202210101-SG, 6.5 prior to ESXi650-202210101-SG), VMware Cloud Foundation (4.x, 3.x)

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
