Launchpad CVE tracker

CVE 2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

Related bugs and status

CVE-2023-34059 (Candidate) is related to these bugs:

Bug #2028420: Backport open-vm-tools 12.3.5 for jammy, lunar and mantic

		In	Importance	Status
2028420	Backport open-vm-tools 12.3.5 for jammy, lunar and mantic	open-vm-tools (Ubuntu)	Undecided	Fix Released
2028420	Backport open-vm-tools 12.3.5 for jammy, lunar and mantic	open-vm-tools (Ubuntu Jammy)	Undecided	Fix Released
2028420	Backport open-vm-tools 12.3.5 for jammy, lunar and mantic	open-vm-tools (Ubuntu Lunar)	Undecided	Won't Fix
2028420	Backport open-vm-tools 12.3.5 for jammy, lunar and mantic	open-vm-tools (Ubuntu Noble)	Undecided	Fix Released
2028420	Backport open-vm-tools 12.3.5 for jammy, lunar and mantic	open-vm-tools (Ubuntu Mantic)	Undecided	Fix Released

Bug #2041691: open-vm-tools 12.3.5 has been released

Summary				In	Importance	Status
	2041691	open-vm-tools 12.3.5 has been released		open-vm-tools (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-34059

References