PT-2023-8895 · Vmware+10 · Open-Vm-Tools+10

Matthias Gerstner · Published 2023-10-26 · Updated 2025-08-24 · CVE-2023-34059

CVSS v3.1: 7.4 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

open-vm-tools (affected versions not specified)

Description

The issue is related to a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs. This could potentially enable the attacker to bypass existing security restrictions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2023:7265
ALSA-2023:7277
ALT-PU-2023-6667
ALT-PU-2024-1233
ALT-PU-2024-1863
ALT-PU-2024-3160
AZL-31733
BDU:2024-02571
CESA-2023_7265
CESA-2023_7279
CVE-2023-34059
DLA-3646-1
DSA-5543-1
MGASA-2024-0058
OESA-2023-1831
OESA-2023-1832
OESA-2023-1833
OPENSUSE-SU-2023_4227-1
OPENSUSE-SU-2024:13374-1
RHSA-2023:7260
RHSA-2023:7261
RHSA-2023:7262
RHSA-2023:7263
RHSA-2023:7264
RHSA-2023:7265
RHSA-2023:7267
RHSA-2023:7276
RHSA-2023:7277
RHSA-2023:7279
RHSA-2023_7265
RHSA-2023_7277
RHSA-2023_7279
RLSA-2023:7265
SUSE-SU-2023:4227-1
SUSE-SU-2023:4228-1
SUSE-SU-2023:4229-1
SUSE-SU-2023:4230-1
USN-6463-1
USN-6463-2
USN-7714-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Open-Vm-Tools