
=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN025
_____________________________________________________________________

DATE                : 2022-01-19

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows systems running VMware Workstation or
VMware Horizon Client for Windows

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
_____________________________________________________________________

Advisory ID: VMSA-2022-0002
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis: VMware Workstation and Horizon Client for Windows updates
address a denial-of-service vulnerability (CVE-2022-22938)

1. Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
2. Introduction
A denial-of-service vulnerability in VMware Workstation and Horizon
Client for Windows was privately reported to VMware. Updates are
available to remediate this vulnerability in affected VMware products.

3. Denial-of-service vulnerability via Cortado ThinPrint (CVE-2022-22938)
Description

VMware Workstation and Horizon Client for Windows contain a
denial-of-service vulnerability in the Cortado ThinPrint component. The
issue exists in the TrueType font parser. VMware has evaluated the
severity of the issue to be in the Moderate severity range with a CVSSv3
base score of 4.0.

Known Attack Vectors

A malicious actor with access to a virtual machine or remote desktop may
exploit this issue to trigger a denial-of-service condition in the
ThinPrint service running on the host machine where VMware Workstation
or Horizon Client for Windows is installed.

Resolution

To remediate CVE-2022-22938 apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.

Workarounds
None.

Additional Documentation
None.

Notes

Exploitation is only possible if virtual printing has been enabled. This
feature is not enabled by default on Workstation but it is enabled by
default on Horizon Client for Windows.

Acknowledgements

VMware would like to thank Gabriel Durdiak, a former intern of Quarkslab
for reporting this issue to us.

Response Matrix

Product                     Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
Workstation                 16.x     Windows     CVE-2022-22938  4.0     Moderate  16.2.2         None         None
Horizon Client for Windows  5.x      Windows     CVE-2022-22938  4.0     Moderate  5.5.3          None         None
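The following PowerShell script is an added example, not part of VMSA-2022-0002 or of the CERT-Renater note. It turns the Response Matrix and the Notes above into a host-side check: it reads the installed VMware Workstation / Player and Horizon Client builds from the Windows Uninstall registry keys, compares them against the fixed versions 16.2.2 and 5.5.3 within the 16.x and 5.x trains the advisory covers, and lists any ThinPrint services present, since exploitation requires virtual printing to be enabled. The product DisplayName patterns and the ThinPrint service-name pattern are assumptions about how those products register themselves, not facts taken from the advisory.

```powershell
# Added example (not VMware's or CERT-Renater's code): inventory a Windows host
# for VMware builds affected by CVE-2022-22938 and for ThinPrint services.
# ASSUMPTIONS: the DisplayName patterns below and the ThinPrint service match
# are guesses about how the products register themselves; adjust if they differ.

# Fixed versions from the VMSA-2022-0002 Response Matrix, keyed by DisplayName pattern.
$Fixed = @(
    @{ Pattern = 'VMware Workstation*';   Fixed = [version]'16.2.2' }  # Workstation Pro 16.x
    @{ Pattern = 'VMware Player*';        Fixed = [version]'16.2.2' }  # Workstation Player 16.x
    @{ Pattern = 'VMware Horizon Client*'; Fixed = [version]'5.5.3' }  # Horizon Client for Windows 5.x
)

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-VMwareClientStatus {
    $installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion }

    foreach ($rule in $Fixed) {
        $entries = $installed | Where-Object { $_.DisplayName -like $rule.Pattern }
        foreach ($e in $entries) {
            # DisplayVersion may carry a build suffix ("16.2.1 build-12345"); keep the dotted part.
            $raw = ($e.DisplayVersion -split '\s')[0]
            $ver = $null
            if (-not [version]::TryParse($raw, [ref]$ver)) { continue }
            # Only the major train listed in the advisory (16.x / 5.x) is in scope;
            # other trains (e.g. Horizon Client 8.x) are not covered by this advisory.
            $inScope = ($ver.Major -eq $rule.Fixed.Major)
            [pscustomobject]@{
                Product      = $e.DisplayName
                Installed    = $ver
                FixedVersion = $rule.Fixed
                InScope      = $inScope
                Affected     = $inScope -and ($ver -lt $rule.Fixed)
            }
        }
    }
}

function Get-ThinPrintServiceStatus {
    # ASSUMPTION: ThinPrint services on the host carry "ThinPrint" or a "TP " prefix
    # in their display name. Their absence suggests virtual printing is not enabled.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'ThinPrint|^TP ' } |
        Select-Object Name, DisplayName, Status, StartType
}

$products = @(Get-VMwareClientStatus)
$products | Format-Table -AutoSize

$thinPrint = @(Get-ThinPrintServiceStatus)
$affected  = @($products | Where-Object Affected)

if ($affected.Count -gt 0) {
    if ($thinPrint.Count -gt 0) {
        Write-Warning "Affected VMware build present and ThinPrint services installed: exposed to CVE-2022-22938 once virtual printing is enabled. Apply the fixed version."
        $thinPrint | Format-Table -AutoSize
    } else {
        Write-Output "Affected build present but no ThinPrint service found. Virtual printing appears disabled; apply the fixed version anyway (no workaround is offered)."
    }
} else {
    Write-Output "No affected VMware Workstation 16.x / Player 16.x / Horizon Client 5.x build found."
}
```

Run it elevated on each Windows host in scope; the Notes section matters here because Horizon Client enables virtual printing by default, so a Horizon Client 5.x host below 5.5.3 should be treated as exposed even before the service check, whereas a Workstation host without the ThinPrint services is merely unpatched.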

4. References
Fixed Version(s) and Release Notes:

VMware Workstation Pro 16.2.2
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=WKST-1622-WIN&productId=1038&rPId=82543
https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.2/rn/VMware-Workstation-1622-Pro-Release-Notes.html


VMware Workstation Player 16.2.2
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1622&productId=1039&rPId=82555
https://docs.vmware.com/en/VMware-Workstation-Player/16.2.2/rn/VMware-Workstation-1622-Player-Release-Notes.html


VMware Horizon Client 5.5.3
Downloads and Documentation:

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=CART23FQ1_WIN_553&productId=863&rPId=83368
https://docs.vmware.com/en/VMware-Horizon-Client-for-Windows/5.5.3/rn/VMware-Horizon-Client-for-Windows-553-Release-Notes.html


Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22938



FIRST CVSSv3 Calculator:

CVE-2022-22938 -
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5. Change Log
2022-01-18 VMSA-2022-0002
Initial security advisory.

6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2022 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================

