VMware Tools Vulnerability

VMWare has released new VMWare Tools 12.1.5 to address the Denial Of Service Vulnerability, affecting only the Windows Operating systems.

It was privately reported to VMware that the VMware Tools for Windows contained a denial-of-service flaw. For the impacted VMware products, updates are readily accessible to address this vulnerability.

A denial-of-service flaw exists in the VM3DMP driver of VMware Tools for Windows. According to VMware, the maximum CVSSv3 base score for this issue is 3.3, placing it in the Low Severity Range.

Know Attack Vendors

A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Affected Versions

VMWare Tools for Windows Running with 12. x.y,11.x.y, and 10. x.y

Resolution

To remediate CVE-2022-31693 apply the VMWare Tools 12.1.5

For More Information please Refer to the VMware VMSA-2022-0029