CVE-2023-34059
HIGH
VMware Open VM Tools 11.0.0-12.2.9 - File Descriptor Hijack via vmware-user-suid-wrapper
Title source: llm
Description
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
References (11)
Core References
Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/27/2
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/27/3
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html
Third Party Advisory
https://www.debian.org/security/2023/dsa-5543
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/
Scores
CVSS v3
7.4
EPSS
0.0008
EPSS Percentile
23.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-404
Status
published
Products (4)
debian/debian_linux
10.0
debian/debian_linux
11.0
debian/debian_linux
12.0
vmware/open_vm_tools
11.0.0 - 12.3.0
Published
Oct 27, 2023
Tracked Since
Feb 18, 2026