diff --git a/meta-oe/recipes-support/open-vm-tools/open-vm-tools/CVE-2022-31676.patch b/meta-oe/recipes-support/open-vm-tools/open-vm-tools/CVE-2022-31676.patch
new file mode 100644
index 00000000000..c62826c3e03
--- /dev/null
+++ b/meta-oe/recipes-support/open-vm-tools/open-vm-tools/CVE-2022-31676.patch
@@ -0,0 +1,33 @@
+From 86f97ab82b284abd89bdee40ad1255578d205877 Mon Sep 17 00:00:00 2001
+From: Vijay Anusuri
+Date: Thu, 2 Mar 2023 05:57:43 +0000
+Subject: [PATCH] Properly check authorization on incoming guestOps requests.
+
+Fix public pipe request checks. Only a SessionRequest type should
+be accepted on the public pipe.
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745]
+CVE: CVE-2022-31676
+Signed-off-by: Vijay Anusuri
+---
+ open-vm-tools/vgauth/serviceImpl/proto.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
+index ab36dca4..b044eace 100644
+--- open-vm-tools/vgauth/serviceImpl/proto.c
++++ open-vm-tools/vgauth/serviceImpl/proto.c
+@@ -1202,6 +1202,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
+ VGAuthError err;
+ gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
+
++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
++ return VGAUTH_E_PERMISSION_DENIED;
++ }
++
+ switch (req->reqType) {
+ /*
+ * This comes over the public connection; alwsys let it through.
+--
+2.18.2
+
diff --git a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.1.5.bb b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.1.5.bb
index 81e8e96249a..a68cbcb4ec6 100644
--- a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.1.5.bb
+++ b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.1.5.bb
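Review bot: The guard added at the top of `Proto_SecurityCheckRequest` in the embedded proto.c patch denies non-session requests on the public pipe silently: the visible lines return `VGAUTH_E_PERMISSION_DENIED` with no log line, so unless the caller logs the error (not visible in this hunk) a rejected request leaves nothing for whoever monitors the guest. If a local deviation from the upstream commit is acceptable, a line such as `Warning("%s: request type %d rejected on public pipe\n", __FUNCTION__, req->reqType);` before the return, using whichever logging macro proto.c already uses, would make the denial observable. The guard also relies on `conn->isPublic` being set for every public-pipe connection in the 10.1.5 tree, which is worth confirming because the fix was presumably written against a newer release. The function body starts and ends outside the hunk.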
@@ -21,6 +21,7 @@ LICENSE_modules/freebsd/vmxnet = "GPL-2.0" LICENSE_modules/linux = "GPL-2.0" LICENSE_modules/solaris = "CDDL-1.0" +PR .= "1" SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https \ file://tools.conf \ file://vmtoolsd.service \ @@ -35,6 +36,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https \ file://0007-Use-configure-to-test-for-feature-instead-of-platfor.patch \ file://0008-use-posix-strerror_r-unless-gnu.patch \ file://0011-Use-configure-test-for-sys-stat.h-include.patch \ + file://CVE-2022-31676.patch \ " SRC_URI_append_libc-musl = "\ file://0009-Add-support-for-building-with-system-libtirpc.patch \