CVE-2022-22942

HIGH

vmwgfx Driver File Descriptor Handling Priv Esc

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22942. PoCs published by h00die, Mathias Krause, including Metasploit module exploits/linux/local/vmwgfx_fd_priv_esc.

AI-analyzed exploit summary This Metasploit module exploits a file descriptor handling vulnerability in the vmwgfx driver (CVE-2022-22942) to achieve local privilege escalation by overwriting a SUID binary with a payload, granting root access.

Description

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

Exploits (1)

metasploit WORKING POC GOOD
by h00die, Mathias Krause · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/vmwgfx_fd_priv_esc.rb

This Metasploit module exploits a file descriptor handling vulnerability in the vmwgfx driver (CVE-2022-22942) to achieve local privilege escalation by overwriting a SUID binary with a payload, granting root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel 4.14-rc1 - 5.17-rc1 with vmwgfx driver
No auth needed
Prerequisites: Access to a vulnerable Linux system with the vmwgfx driver loaded · Write access to /dev/dri/card0 or /dev/dri/renderD128 · Presence of a SUID binary like /bin/chfn or /bin/chage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0258
EPSS Percentile 83.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
vmware/photon_os 3.0
vmware/photon_os 4.0
Published Dec 13, 2023
Tracked Since Feb 18, 2026