all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE

Add to bookmarks
June 22, 2023, 4 p.m. | Reno Robert

Zero Day Initiative - Blog www.zerodayinitiative.com

Last year we published our patch gap analysis of ESXi’s TCP/IP stack, which is forked from FreeBSD 8.2. While our focus was mainly on missing FreeBSD patches in ESXi, we also came across a type confusion bug in code introduced by VMware. This blog post details a vulnerability I discovered in ESXi’s implementation of the setsockopt system call that could lead to a sandbox escape. The vulnerability was assigned CVE-2022-31696 and disclosed as part of the advisory VMSA-2022-003. Additionally, …

analysis blog blog post bug code cve esxi focus freebsd gap ip stack lpe missing patch patches socket stack tcp type confusion vmware vmware esxi

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 2 weeks ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 3 weeks, 1 day ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 1 month, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 1 month, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11
Pwn2Own Vancouver 2024 - The Full Schedule 1 month, 1 week ago | www.zerodayinitiative.com
blog post
The March 2024 Security Update Review 1 month, 2 weeks ago | www.zerodayinitiative.com
adobe blog post can check +14
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability 1 month, 3 weeks ago | www.zerodayinitiative.com
arbitrary file write blog post bug crlf injection +26
The February 2024 Security Update Review 2 months, 2 weeks ago | www.zerodayinitiative.com
adobe blog post february latest +11
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability 2 months, 3 weeks ago | www.zerodayinitiative.com
avalanche blog post code code execution +32

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr. Cloud Security Engineer

@ BLOCKCHAINS | USA - Remote
View on infosec-jobs.com

Network Security (SDWAN: Velocloud) Infrastructure Lead

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com

Senior Python Engineer, Cloud Security

@ Darktrace | Cambridge
View on infosec-jobs.com

Senior Security Consultant

@ Nokia | United States
View on infosec-jobs.com

Manager, Threat Operations

@ Ivanti | United States, Remote
View on infosec-jobs.com

Lead Cybersecurity Architect - Threat Modeling | AWS Cloud Security

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com
View more jobs