CVE-2022-31681NULL Pointer Dereference in Vmware Cloud Foundation

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware Cloud FoundationVmware EsxiVmware Esxi
Timeline
PublishedOct 7
Latest updateOct 8

Description

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

NVDvmware/esxi< 7.0+1
CVEListV5vmware/vmware_esxiVMware ESXi (7.0 prior to ESXi70U3sf-20036586, 6.7 prior to ESXi670-202210101-SG & 6.5 prior to ESXi650-202210101-SG)
NVDvmware/cloud_foundation4.24.3.1.1+3

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-5996-c7cm-2xrf: VMware ESXi contains a null-pointer deference vulnerability2022-10-08
CVEList
CVE-2022-31681: VMware ESXi contains a null-pointer deference vulnerability2022-10-07

📋Vendor Advisories

1
VMware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)2022-10-06
CVE-2022-31681 — NULL Pointer Dereference in Vmware | cvebase