CVE-2022-22942
Published: 13 December 2023
Summary
CVE-2022-22942 is a high-severity Use After Free (CWE-416) vulnerability in VMware Photon OS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vmwgfx driver contains a use-after-free vulnerability (CWE-416) stemming from a dangling file pointer. This flaw affects the VMware graphics driver used in virtualized environments, notably within VMware Photon OS distributions, and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector and high impact on confidentiality, integrity, and availability.
An unprivileged local user can exploit the dangling pointer to access files opened by other processes on the system, resulting in local privilege escalation. The attack requires no user interaction and operates with low complexity under the listed CVSS metrics.
Security updates addressing the issue are documented in VMware Photon OS advisories for versions 3.0-356 and 4.0-148, along with an oss-security disclosure from January 2022 that directs administrators to apply the corresponding kernel or driver patches. The associated EPSS score has remained flat, peaking at 0.1353, with no material upward trajectory observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28067
Vulnerability details
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
- CWE(s): CWE-416
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that achieve arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR.