VMware Tools was impacted by a local privilege escalation vulnerability (CVE-2022-31676)
VMware released security advisory VMSA-2022-0024 with Important severity affecting VMware Tools for Windows and open-vm-tools for Linux.
The fix is available in VMware Tools for Windows v12.1.0 in the VSS-Windows Content Library as Item VMware-Tools-windows-12.0.0-19345655. Please use the VSS Portal or the VSS CLI to mount the ISO and install the patched version.
How-To Remediate
Windows
ITS Private Cloud CLI
Mount the VMware Tools ISO VMware-Tools-windows-12.0.0-19345655 with the vss-cli:
vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.0.0-19345655.iso 1
Proceed with the installation in the OS.
ITS Private Cloud Portal
Log in to https://cloud-portal.eis.utoronto.ca
Look for your VM and click on the Edit button.
Mount the VMware Tools ISO VMware-Tools-windows-12.0.0-19345655.
Proceed with the installation in the OS.
Linux
A new open-vm-tools version is available at Release open-vm-tools 12.1.0 · vmware/open-vm-tools (github.com).
A patch for existing open-vm-tools releases is provided in the CVE-2022-31676 README file.
Ubuntu, Debian and related OS
sudo apt update && sudo apt install --only-upgrade open-vm-tools
RedHat, Fedora, CentOS and related
You can update the open-vm-tools package with the following command:
Red Hat 7 / Fedora / CentOS 7
sudo yum update open-vm-tools
Red Hat 8 and 9
sudo dnf update open-vm-tools
As an alternative, you can build the open-vm-tools package from source.
The following KB provides the steps to build and install open-vm-tools from source: How-to Install latest open-vm-tools from source on CentOS 7
SLE and openSUSE
You can update the open-vm-tools package with the following command:
zypper install open-vm-tools
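To confirm the result on any of the Linux distributions above, the following added example (not part of the original page or of VMware's tooling) reads the version reported by vmware-toolbox-cmd -v and compares it numerically with 12.1.0. Because a patch also exists for earlier open-vm-tools releases, a lower version is flagged for a package changelog check instead of being reported as vulnerable. The function names and the Debian changelog path are assumptions of this example.

```shell
# Added example, not VMware's or the page's own tooling.
CVE="CVE-2022-31676"
FIXED="12.1.0"   # open-vm-tools release carrying the fix, per the page

# version_ge A B: succeed when dotted version A >= B (three numeric fields).
version_ge() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s\n' "$b" | cut -d. -f"$i"); y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# classify "VERSION [(build-N)]": print fixed, verify-backport or unknown.
classify() {
    v=${1%% *}   # keep the dotted version, drop the build suffix
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if version_ge "$v" "$FIXED"; then echo fixed; else echo verify-backport; fi
}

# changelog_has_cve: heuristic, since a distro may patch an older version in place.
changelog_has_cve() {
    if command -v rpm >/dev/null 2>&1 && rpm -q open-vm-tools >/dev/null 2>&1; then
        rpm -q --changelog open-vm-tools | grep -q "$CVE"
    elif [ -r /usr/share/doc/open-vm-tools/changelog.Debian.gz ]; then
        gzip -dc /usr/share/doc/open-vm-tools/changelog.Debian.gz | grep -q "$CVE"
    else
        return 2   # no changelog source available on this system
    fi
}

report() {
    if ! command -v vmware-toolbox-cmd >/dev/null 2>&1; then
        echo "vmware-toolbox-cmd not found: open-vm-tools does not appear to be installed"; return 0
    fi
    ver=$(vmware-toolbox-cmd -v); status=$(classify "$ver")
    echo "open-vm-tools $ver: $status"
    if [ "$status" = verify-backport ]; then
        if changelog_has_cve; then echo "package changelog mentions $CVE (patched build)"
        else echo "no changelog entry for $CVE found: update the package or check with the vendor"; fi
    fi
}
report
```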