CVE-2022-22962

Name of the Vulnerable Software and Affected Versions VMware Horizon Agent for Linux versions prior to 22.x

Description The issue is related to a local privilege escalation vulnerability due to a symbolic link tracking flaw. This allows an attacker to potentially elevate their privileges. The vulnerability can be exploited by changing the default shared folder location, which could result in linking to a root-owned file, thus enabling the attacker to gain higher privileges.

Recommendations For versions prior to 22.x, update to version 22.x or later to resolve the issue. As a temporary workaround, consider restricting access to the default shared folder location to minimize the risk of exploitation.