6658 – [Anolis OS 8] Bugfix for CVE-2023-20900

Bug 6658 - [Anolis OS 8] Bugfix for CVE-2023-20900

Summary: [Anolis OS 8] Bugfix for CVE-2023-20900

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.6
Hardware:	All Linux

Importance:	P2-High S2-major
Target Milestone:	---
Assignee:	wangkaiqiang
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-09-21 10:29 UTC by 小龙
Modified:	2023-10-10 15:08 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-09-21 10:29:11 UTC

Description:
A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Broken commit info:

Bugfix commit info:
https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16