
Multiple vulnerabilities in VMware Horizon Client for Linux were privately reported to VMware, and updates are available to remediate them in the affected product (VMware Horizon Client for Linux). This guide covers two of them: the user-controlled folder path customization privilege escalation vulnerability (CVE-2022-22962) and the user-configurable agent privilege escalation vulnerability (CVE-2022-22964). For the other fixes, refer to these guides: CVE-2022-22965: VMware Response to Spring Framework Remote Code Execution Vulnerability, VMware vCenter Server updates address an information disclosure vulnerability, and Patch available to address vCenter Server information disclosure vulnerability.
A: User-controlled folder path customization privilege escalation vulnerability (CVE-2022-22962)
VMware Horizon Client for Linux contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.
Known Attack Vectors
A low-privileged malicious actor with local access to Horizon Client for Linux may be able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in the shared folder path being linked to a root-owned file.
Resolution
To remediate CVE-2022-22962, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below. There is no workaround for this issue.
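As an added illustration of the defensive check behind CVE-2022-22962-style bugs (this is not VMware's code and not taken from the Horizon Client), the following Python contrasts a naive folder-path check that follows symbolic links with a hardened one that refuses symlinked components and requires the folder to be owned by the unprivileged user. The directory layout is constructed inside a temporary directory for the demo and assumes a Linux-style host with os.getuid().

```python
import os
import stat
import tempfile


def naive_accepts(path: str) -> bool:
    """Vulnerable pattern: a privileged component trusts the user-chosen folder
    and follows symbolic links, so a link to a root-owned location passes."""
    return os.path.isdir(path)


def hardened_accepts(base: str, path: str, uid: int) -> bool:
    """Hardened pattern: the folder must sit below `base`, no component below
    `base` may be a symlink (checked with lstat, which does not follow links),
    and the final directory must be owned by the unprivileged user `uid`."""
    base = os.path.abspath(base)
    target = os.path.abspath(path)          # lexical only; no symlink resolution
    if os.path.commonpath([base, target]) != base or target == base:
        return False
    current = base
    for part in target[len(base):].split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)          # lstat inspects the link itself
        except OSError:
            return False
        if stat.S_ISLNK(st.st_mode):
            return False                    # any symlinked component is refused
    return stat.S_ISDIR(st.st_mode) and st.st_uid == uid


def demo() -> dict:
    """Constructed scenario: a genuine user folder and a symlink pointing at the
    root directory, which is root-owned on a normal install."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as base:
        real = os.path.join(base, "shared")
        os.mkdir(real)
        link = os.path.join(base, "shared-link")
        os.symlink(os.sep, link)            # points outside the user's tree
        for name, p in (("real", real), ("link", link)):
            results[name] = (naive_accepts(p), hardened_accepts(base, p, uid))
    return results


if __name__ == "__main__":
    print(demo())   # {'real': (True, True), 'link': (True, False)}
```

The naive check accepts both folders, while the hardened check rejects the symlink and so prevents a privileged consumer from being steered to a root-owned target.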
B: User-configurable agent privilege escalation vulnerability (CVE-2022-22964)
VMware Horizon Client for Linux contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.
Known Attack Vectors
A low-privileged malicious actor with local access to Horizon Client for Linux may be able to escalate privileges to root due to a vulnerable configuration file.
Resolution
To remediate CVE-2022-22964, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below. There is no workaround for this issue.
Response Matrix for A and B
This table lists the remediation needed to fix the user-controlled folder path customization privilege escalation vulnerability (CVE-2022-22962) and the user-configurable agent privilege escalation vulnerability (CVE-2022-22964).
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version
Horizon Client for Linux | 21.x | Linux | CVE-2022-22962, CVE-2022-22964 | 7.3 | Important | 2203
I hope you found this blog post helpful. Please let me know in the comment section if you have any questions.