
CVE-2022-31693: VMware Tools for Windows update addresses a denial-of-service vulnerability


VMware Tools is a set of services and modules that enable several features in VMware products for better management of guest operating systems and seamless user interactions with them. VMware Tools can pass messages from the host operating system to the guest operating system. Here are some related guides: "VMware Workstation states: What are the differences between Suspend, Power Off, and Run in Background", "What are the differences between vSphere, ESXi, and vCenter", "How to Deploy Azure VMware Solution Private Cloud", and "How to create and delete a snapshot on VMware Workstation".

VMware Tools is therefore a suite of utilities that enhances the performance of the virtual machine guest operating system and improves the management of the virtual machine. Without VMware Tools installed in your guest operating system, guest performance lacks important functionality. Installing VMware Tools resolves issues such as low video resolution, inadequate color depth, incorrect display of network speed, restricted movement of the mouse, inability to copy and paste and drag and drop files, and missing sound. It also provides the ability to take quiesced snapshots of the guest OS and synchronizes the time in the guest operating system with the time on the host.

Impacted Product

VMware Tools for Windows

A denial-of-service vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. You may want to see these guides: "How to create and delete a snapshot on VMware Workstation", "How to install Windows Server 2022 on VMware Workstation", and "Initialize and format a virtual disk: How to add and remove a new virtual disk from a VM on VMware Workstation".


Issue description

VMware Tools for Windows contains a denial-of-service vulnerability in the VM3DMP driver. VMware has evaluated the severity of this issue to be in the Low Severity Range with a maximum CVSSv3 base score of 3.3.

How can this vulnerability be exploited?

On devices where VMware Tools is installed, an attacker (a malicious actor) with local user privileges in the Windows guest OS can trigger a PANIC in the VM3DMP driver, leading to a denial-of-service condition in the Windows guest OS.

How can this vulnerability be remediated?

This vulnerability does not have a workaround. To remediate this issue (CVE-2022-31693), please apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Tools for Windows | 12.x.y, 11.x.y and 10.x.y | Windows | CVE-2022-31693 | 3.3 | Low | 12.1.5 | None | None |
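
To confirm whether a Windows guest still needs the update, the following PowerShell check compares the installed VMware Tools version with the fixed version 12.1.5 from the response matrix. It is an added example, not code from the original post or from VMware. It assumes the default install path of `VMwareToolboxCmd.exe` and that `-v` prints a dotted version followed by a build tag; the sample strings at the end are constructed.

```powershell
# Added example: classify a VMware Tools version against the response matrix.
$FixedVersion = [version]'12.1.5'   # 'Fixed Version' column of the matrix

function ConvertTo-ToolsVersion {
    # Reduce text such as '12.1.0.0 (build-00000000)' to major.minor.patch.
    param([string]$Text)
    if ($Text -match '(\d+)\.(\d+)\.(\d+)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
    }
    return $null   # no recognisable version in the text
}

function Get-ToolsStatus {
    # Affected  : listed branch (10.x.y, 11.x.y, 12.x.y) below the fixed version
    # Fixed     : listed branch at or above the fixed version
    # NotListed : branch not covered by the matrix; Unknown: unparsable input
    param([string]$Text)
    $v = ConvertTo-ToolsVersion -Text $Text
    if ($null -eq $v)               { return 'Unknown' }
    if ($v.Major -notin 10, 11, 12) { return 'NotListed' }
    if ($v -lt $FixedVersion)       { return 'Affected' }
    return 'Fixed'
}

# Assumption: default install location of the VMware Tools command-line utility.
$ToolboxCmd = Join-Path $env:ProgramFiles 'VMware\VMware Tools\VMwareToolboxCmd.exe'

if (Test-Path -LiteralPath $ToolboxCmd) {
    $raw = (& $ToolboxCmd -v | Out-String).Trim()
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Reported = $raw
        Status   = Get-ToolsStatus -Text $raw
    }
} else {
    Write-Warning "VMware Tools not found at $ToolboxCmd"
}

# Constructed sample strings (build tags are placeholders), showing each outcome.
$samples = '10.3.0.0 (build-00000000)', '11.3.5.0 (build-00000000)',
           '12.1.0.0 (build-00000000)', '12.1.5.0 (build-00000000)', 'not installed'
foreach ($s in $samples) {
    '{0,-28} -> {1}' -f $s, (Get-ToolsStatus -Text $s)
}
```

Run inside the guest, the first object reports the live version; the constructed samples classify as Affected, Affected, Affected, Fixed and Unknown.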

I hope you found this blog post helpful. Please let me know in the comment section if you have any questions.
