all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE

Add to bookmarks
June 22, 2023, 4:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Last year we published our patch gap analysis of ESXi’s TCP/IP stack, which is forked from FreeBSD 8.2. While our focus was mainly on missing FreeBSD patches in ESXi, we also came across a type confusion bug in code introduced by VMware. This blog post details a vulnerability I discovered in ESXi’s implementation of the setsockopt system call that could lead to a sandbox escape. The vulnerability was assigned CVE-2022-31696 and disclosed as part of the advisory VMSA-2022-003. Additionally, …

analysis blog blog post bug code cve esxi focus freebsd gap ip stack lpe missing patch patches socket stack tcp type confusion vmware vmware esxi

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Red Hat's latest enterprise Linux delivers new features to tackle hybrid-cloud complexity an hour ago | malware.news
addition article cloud complexity +13
NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns an hour ago | malware.news
agency article best practices cyber +11
US warns of Russian hackers targeting operational technology in water systems an hour ago | malware.news
advisory breached hackers official +10
Senators grill UnitedHealth CEO on Change Healthcare cyberattack 2 hours ago | malware.news
article ceo change change healthcare +13
‘Uncharted Territory:’ Companies Devise AI Security Policies 3 hours ago | malware.news
ai security businesses companies don +14
Significant drop recorded in FBI searches of Section 702 database 3 hours ago | malware.news
act agency database fbi +8
Lumen DDoS Essentials: Your Shield Against Cyber Threats 4 hours ago | malware.news
applications business cto cyber +19
Cisco security advisory (AV24-236) 4 hours ago | malware.news
advisory article canadian canadian centre for cyber security +8
Malicious Life Podcast: The Source Code of Malicious Life 5 hours ago | malware.news
back code goes israeli +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs