VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tools | Vmware | 10.0.0 (including) | 12.1.0 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | open-vm-tools-0:11.0.5-3.el7_9.4 | * |
| Red Hat Enterprise Linux 8 | RedHat | open-vm-tools-0:11.3.5-1.el8_6.1 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | open-vm-tools-0:10.3.10-3.el8_1.3 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | open-vm-tools-0:11.0.0-4.el8_2.1 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | open-vm-tools-0:11.2.0-2.el8_4.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | open-vm-tools-0:11.3.5-1.el9_0.1 | * |
| Open-vm-tools | Ubuntu | bionic | * |
| Open-vm-tools | Ubuntu | esm-infra/xenial | * |
| Open-vm-tools | Ubuntu | focal | * |
| Open-vm-tools | Ubuntu | jammy | * |
| Open-vm-tools | Ubuntu | trusty | * |
| Open-vm-tools | Ubuntu | upstream | * |
| Open-vm-tools | Ubuntu | xenial | * |