all InfoSec news
CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
Malware Analysis, News and Indicators - Latest topics malware.news
Last year we published our patch gap analysis of ESXi’s TCP/IP stack, which is forked from FreeBSD 8.2. While our focus was mainly on missing FreeBSD patches in ESXi, we also came across a type confusion bug in code introduced by VMware. This blog post details a vulnerability I discovered in ESXi’s implementation of the setsockopt system call that could lead to a sandbox escape. The vulnerability was assigned CVE-2022-31696 and disclosed as part of the advisory VMSA-2022-003. Additionally, …
analysis blog blog post bug code cve esxi focus freebsd gap ip stack lpe missing patch patches socket stack tcp type confusion vmware vmware esxi