CVE-2022-22973

Published on: Not Yet Published

Last Modified on: 05/27/2022 05:48:00 PM UTC

CVE-2022-22973

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

CVE-2022-22973 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 7.2 - HIGH

Access Vector^ⓘ	Access Complexity	Authentication
LOCAL	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
COMPLETE	COMPLETE	COMPLETE

CVE References

Description	Tags ^ⓘ	Link
VMSA-2022-0014	www.vmware.com text/html	MISC www.vmware.com/security/advisories/VMSA-2022-0014.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

376617 VMware Identity Manager (vIDM) and Workspace ONE Access Multiple Vulnerabilities (VMSA-2022-0014)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Linux	Linux Kernel	-	All	All	All
Application	Vmware	Cloud Foundation	4.0	All	All	All
Application	Vmware	Cloud Foundation	4.0.1	All	All	All
Application	Vmware	Cloud Foundation	4.1	All	All	All
Application	Vmware	Cloud Foundation	4.1.0.1	All	All	All
Application	Vmware	Cloud Foundation	4.2	All	All	All
Application	Vmware	Cloud Foundation	4.2.1	All	All	All
Application	Vmware	Cloud Foundation	4.3	All	All	All
Application	Vmware	Cloud Foundation	4.3.1	All	All	All
Application	Vmware	Identity Manager	3.3.3	All	All	All
Application	Vmware	Identity Manager	3.3.4	All	All	All
Application	Vmware	Identity Manager	3.3.5	All	All	All
Application	Vmware	Identity Manager	3.3.6	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.0	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.0.1	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.1	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.2	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.2	patch1	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.2	patch2	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.2	patch3	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.3	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.3	patch1	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.3	patch2	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.3	patch3	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4	patch1	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4.1	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4.1	patch1	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4.1	patch2	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.4.1	patch3	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.6	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.6	patch1	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.6.1	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.6.2	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.7	All	All	All
Application	Vmware	Vrealize Suite Lifecycle Manager	8.8	All	All	All
Application	Vmware	Workspace One Access	20.10.0.0	All	All	All
Application	Vmware	Workspace One Access	20.10.0.1	All	All	All
Application	Vmware	Workspace One Access	21.08.0.0	All	All	All
Application	Vmware	Workspace One Access	21.08.0.1	All	All	All

cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch1:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch2:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch3:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch1:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch2:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch3:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:patch1:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch1:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch2:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch3:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:patch1:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*:
cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@DavidCSloane	VMSA-2022-0014 CVSSv3 Range:7.8-9.8 CVE(s):CVE-2022-22972, CVE-2022-22973 Impacted: VMware Workspace ONE Access (Ac… twitter.com/i/web/status/1…	2022-05-18 15:39:40
@cyber	The series of vulnerabilities are CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973; read @CISAgov’s c… twitter.com/i/web/status/1…	2022-05-18 18:38:06
@ipssignatures	The vuln CVE-2022-22973 has a tweet created 0 days ago and retweeted 12 times. twitter.com/cyber/status/1… #pow1rtrtwwcve	2022-05-19 00:06:00
@ohhara_shiojiri	CVE-2022-22972,CVE-2022-22973	2022-05-19 01:23:12
@ohhara_shiojiri	今回のCVE-2022-22972とCVE-2022-22973と既に悪用されているCVE-2022-22954とCVE-2022-22960の4つの脆弱性を緊急で対応するように米国当局は警告している	2022-05-19 05:39:22
@TheHackersNews	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 05:49:08
@IT_news_for_all	VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Worksp… twitter.com/i/web/status/1…	2022-05-19 05:49:20
@_DrFrusci	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 05:50:12
@Swati_THN	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 06:11:00
@securityaffairs	#CISA orders federal agencies to fix #VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314… #securityaffairs #hacking	2022-05-19 06:15:57
@thedpsadvisors	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314…	2022-05-19 06:17:03
@shah_sheikh	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws: CISA orders federal agencies to… twitter.com/i/web/status/1…	2022-05-19 06:17:04
@AcooEdi	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws dlvr.it/SQf9MY via securityaffairs	2022-05-19 06:17:05
@Xc0resecurity	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws dlvr.it/SQf9Mj	2022-05-19 06:17:05
@evanderburg	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws i.securitythinkingcap.com/SQf9Mz	2022-05-19 06:17:05
@security_inside	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314…	2022-05-19 06:20:02
@Alevskey	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws: ift.tt/rm6AbfK by Secu… twitter.com/i/web/status/1…	2022-05-19 06:20:04
@daveDFIR	ift.tt/rm6AbfK .. CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws #news… twitter.com/i/web/status/1…	2022-05-19 06:28:33
@greenhyhebe	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws ift.tt/rm6AbfK	2022-05-19 06:29:57
@IT_securitynews	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws itsecuritynews.info/cisa-orders-fe…	2022-05-19 06:35:48
@SakibulHasan99	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 06:39:04
@profxeni	r/t "CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws" bit.ly/38DS84v	2022-05-19 06:47:19
@RedPacketSec	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws - redpacketsecurity.com/cisa-orders-fe…… twitter.com/i/web/status/1…	2022-05-19 07:03:03
@Cyberyami1	#VMware has issued patches to address two new #vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Work… twitter.com/i/web/status/1…	2022-05-19 07:14:28
@LudovicoLoreti	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314… #Security #CISA #VMware	2022-05-19 08:06:54
@SicurezzaICT	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws dlvr.it/SQfWPs	2022-05-19 08:34:01
@UK_Daniel_Card	More vulns in the same stack! CVE-2022-22972 & CVE-2022-22973 Authentication Bypass Vulnerability (CVE-2022-22972)… twitter.com/i/web/status/1…	2022-05-19 08:47:39
@netsecu	securityaffairs.co/wordpress/1314… CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws #cybersecurity	2022-05-19 08:50:04
@unix_root	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 09:11:00
@SecurityNewsbot	CISA orders federal agencies to fix #VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314… #SecurityAffairs	2022-05-19 09:30:11
@security_wang	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 11:11:00
@CyberIQs_	CVE-2022-22972 & CVE-2022-22973 #infosec #infosecurity #cybersecurity #threatintel #threatintelligence #hacking… twitter.com/i/web/status/1…	2022-05-19 11:26:51
@AlirezaGhahrood	VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Worksp… twitter.com/i/web/status/1…	2022-05-19 11:30:12
@cybsecbot	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws itsecuritynews.info/cisa-orders-fe…	2022-05-19 12:48:02
@CVEtrends	Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-22972: 2.4M (audience size) CVE-2022-22973: 1.9M CVE-2022-138… twitter.com/i/web/status/1…	2022-05-19 13:00:03
@Har_sia	CVE-2022-22973 har-sia.info/CVE-2022-22973… #HarsiaInfo	2022-05-19 15:04:49
@ipssignatures	The vuln CVE-2022-22973 has a tweet created 0 days ago and retweeted 10 times. twitter.com/UK_Daniel_Card… #pow1rtrtwwcve	2022-05-19 16:06:01
@doukkalli	VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Worksp… twitter.com/i/web/status/1…	2022-05-19 17:31:32
@Kieran_Iotabl	CVE-2022-22973 (CVSS score: 7.8), the other bug, is a case of local privilege escalation that could enable an attac… twitter.com/i/web/status/1…	2022-05-19 18:30:22
@YourAnonRiots	#VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Works… twitter.com/i/web/status/1…	2022-05-19 21:17:25
@TechKeg	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314…… twitter.com/i/web/status/1…	2022-05-19 21:22:27
@klart_skepp	CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws securityaffairs.co/wordpress/1314…	2022-05-19 21:40:13
@yuki_kawamitsu	VMSA-2022-0014 CVE-2022-22972, CVE-2022-22973 CVSSv3 Range: 7.8-9.8 vIDM 関連の脆弱性で VCF も対象 vmware.com/security/advis… # @VMwareより	2022-05-19 23:09:06
@TechTalkThai	พบช่องโหว่ร้ายแรงกระทบ vRealize, VCF, WorkspaceONE ทีมงาน CISA ประกาศหน่วยงานภายใต้การดูแลให้แพตช์ใน 5 วัน techtalkthai.com/cisa-urges-to-…	2022-05-20 02:45:05
@YosCiiCable	サーバサイドテンプレートインジェクションの脆弱性CVE-2022-22954、 root権限を取得されるおそれがあるCVE-2022-22960,CVE-2022-22973、認証なしに管理者としてアクセスが可能となるCVE-20… twitter.com/i/web/status/1…	2022-05-20 03:31:34
@MachinaRecord	?CVE-2022-22972、CVE-2022-22973：VMwareの新たな脆弱性2件は悪用される可能性大、CISAが緊急注意喚起 ⚠️WordPressプラグインJupiterに重大な脆弱性 ?? ??Twisted… twitter.com/i/web/status/1…	2022-05-20 08:08:00
@Har_sia	CVE-2022-22973 har-sia.info/CVE-2022-22973… #HarsiaInfo	2022-05-20 15:05:27
@CVEreport	CVE-2022-22973 : VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A m… twitter.com/i/web/status/1…	2022-05-20 21:04:40
/r/sysadmin	Emergency Directive: VMware Vulnerabilities - VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager	2022-05-18 20:15:57
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY - A Vulnerability in VMware Products Could Allow for Authentication Bypass - PATCH: NOW	2022-05-19 13:19:14
/r/netcve	CVE-2022-22973	2022-05-20 22:38:45
/r/k12cybersecurity	CORRECTED - MS-ISAC CYBERSECURITY ADVISORY - A Vulnerability in VMware Products Could Allow for Authentication Bypass - PATCH: NOW	2022-05-25 12:56:30