Login Sign Up

CVE-2022-22942

7.8 HIGH

📋 TL;DR

CVE-2022-22942 is a local privilege escalation vulnerability in the vmwgfx driver that allows unprivileged local users to access files opened by other processes through a dangling file pointer. This affects systems running VMware Photon OS with vulnerable versions of the vmwgfx driver. Attackers can potentially read sensitive data from other processes.

💻 Affected Systems

Products:
  • VMware Photon OS
Versions: Photon OS 3.0 and 4.0 before security updates
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the vmwgfx driver, typically VMware virtual environments.

📦 What is this software?

Photon Os by Vmware

View all CVEs affecting Photon Os →

Photon Os by Vmware

View all CVEs affecting Photon Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full system access by reading sensitive files like /etc/shadow or process memory, leading to complete system compromise.

🟠

Likely Case

Local users access sensitive files from other processes, potentially exposing credentials, configuration files, or other confidential data.

🟢

If Mitigated

With proper access controls and patching, impact is limited to denial of service or minimal information disclosure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Any local user on affected systems can potentially exploit this vulnerability to access sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the dangling pointer condition. Public exploit details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Photon OS 3.0-356 and 4.0-148

Vendor Advisory: https://github.com/vmware/photon/wiki/Security-Update-3.0-356

Restart Required: Yes

Instructions:

1. Update Photon OS using 'tdnf update'. 2. Apply security updates for vmwgfx driver. 3. Reboot the system to load the patched driver.

🔧 Temporary Workarounds

Disable vmwgfx driver

linux

Remove or blacklist the vulnerable driver module

echo 'blacklist vmwgfx' >> /etc/modprobe.d/blacklist.conf
rmmod vmwgfx

🧯 If You Can't Patch

  • Restrict local user access to affected systems
  • Implement strict file permissions and access controls

🔍 How to Verify

Check if Vulnerable:

Check Photon OS version with 'cat /etc/photon-release' and verify if below 3.0-356 or 4.0-148

Check Version:

cat /etc/photon-release

Verify Fix Applied:

Verify kernel module version with 'modinfo vmwgfx | grep version' and check for updated driver

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing vmwgfx driver errors
  • Unauthorized file access attempts in audit logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for 'vmwgfx' in kernel logs or module loading events

📊 Metadata

CVE ID: CVE-2022-22942
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: December 13, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-22942, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)