

===================================================================
                              CERT-Renater

                   Information Note No. 2022/VULN145
______________________________________________________________________

DATE                : 07/04/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running VMware Horizon Client for Linux
                      versions prior to 2203.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2022-0012.html
_______________________________________________________________________

Important

Advisory ID:     VMSA-2022-0012
CVSSv3 Range:    7.3
Issue Date:      2022-04-06
Updated On:      2022-04-06 (Initial Advisory)
CVE(s):          CVE-2022-22962, CVE-2022-22964
Synopsis:        VMware Horizon Client for Linux update addresses
                 multiple vulnerabilities (CVE-2022-22962,
                 CVE-2022-22964)


1. Impacted Products

VMware Horizon Client for Linux


2. Introduction

Multiple vulnerabilities in VMware Horizon Client for Linux were 
privately reported to VMware. Updates are available to remediate these 
vulnerabilities in affected VMware products.

3a. User-controlled folder path customization privilege escalation 
vulnerability (CVE-2022-22962)

Description

VMware Horizon Client for Linux contains a local privilege escalation 
vulnerability. VMware has evaluated the severity of this issue to be in 
the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors

A low-privileged malicious actor with local access to Horizon Client for
Linux may be able to change the default shared folder location due to a
vulnerable symbolic link. Successful exploitation can result in linking
to a root-owned file.

Resolution

To remediate CVE-2022-22962 apply the patches listed in the 'Fixed 
Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.


Acknowledgements

VMware would like to thank Jack Luketina for reporting this issue to us.

3b. User configurable agent privilege escalation vulnerability 
(CVE-2022-22964)

Description

VMware Horizon Client for Linux contains a local privilege escalation 
vulnerability. VMware has evaluated the severity of this issue to be in 
the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors

A low-privileged malicious actor with local access to Horizon Client for 
Linux may be able to escalate privileges to root due to a vulnerable 
configuration file.

Resolution

To remediate CVE-2022-22964 apply the patches listed in the 'Fixed 
Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.


Acknowledgements

VMware would like to thank Jack Luketina for reporting this issue to us.

Response Matrix 3a, 3b

Product                 : Horizon Client for Linux
Version                 : 21.x
Running On              : Linux
CVE Identifier          : CVE-2022-22962, CVE-2022-22964
CVSSv3                  : 7.3
Severity                : Important
Fixed Version           : 2203
Workarounds             : None
Additional Documentation: None


4. References

Fixed Version(s) and Release Notes:

VMware Horizon Client for Linux 2203


Downloads and Documentation:
https://docs.vmware.com/en/VMware-Horizon-Client-for-Linux/2203/rn/vmware-horizon-client-for-linux-2203-release-notes/index.html


Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22964


FIRST CVSSv3 Calculator:
CVE-2022-22962: 
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22964: 
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H


5. Change Log

2022-04-06 VMSA-2022-0012
Initial security advisory.


6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC


Copyright 2022 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


