CVE-2022-31681: Null Pointer Dereference
First published: Fri Oct 07 2022(Updated: )
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Cloud Foundation | >=4.2<4.3.1.1 | |
| VMware Cloud Foundation | =4.4 | |
| VMware Cloud Foundation | =4.4.1 | |
| VMware Cloud Foundation | =4.4.1.1 | |
| VMware ESXi | <7.0 | |
| VMware ESXi | =7.0 | |
| VMware ESXi | =7.0-beta | |
| VMware ESXi | =7.0-update_1 | |
| VMware ESXi | =7.0-update_1a | |
| VMware ESXi | =7.0-update_1b | |
| VMware ESXi | =7.0-update_1c | |
| VMware ESXi | =7.0-update_1d | |
| VMware ESXi | =7.0-update_1e | |
| VMware ESXi | =7.0-update_2 | |
| VMware ESXi | =7.0-update_2a | |
| VMware ESXi | =7.0-update_2c | |
| VMware ESXi | =7.0-update_2d | |
| VMware ESXi | =7.0-update_2e | |
| VMware ESXi | =7.0-update_3c | |
| VMware ESXi | =7.0-update_3d | |
| VMware ESXi | =7.0-update_3e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-31681?
CVE-2022-31681 is a null-pointer deference vulnerability in VMware ESXi that can be exploited by a malicious actor to create a denial of service condition on the host.
Which software is affected by CVE-2022-31681?
VMware ESXi versions 7.0 and VMware Cloud Foundation versions 4.2 to 4.3.1.1 and 4.4 to 4.4.1.1 are affected by CVE-2022-31681.
What is the severity of CVE-2022-31681?
CVE-2022-31681 has a severity rating of 6.5 (medium).
How can a malicious actor exploit CVE-2022-31681?
A malicious actor with privileges within the VMX process can exploit CVE-2022-31681 to create a denial of service condition on the host.
Where can I find more information about CVE-2022-31681?
You can find more information about CVE-2022-31681 at the following reference link: [VMware Security Advisory VMSA-2022-0025](https://www.vmware.com/security/advisories/VMSA-2022-0025.html).
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/vmware
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.2
- version/vmware cloud foundation/4.4
- version/vmware cloud foundation/4.4.1
- version/vmware cloud foundation/4.4.1.1
- canonical/vmware esxi
- version/vmware esxi/7.0
- version/vmware esxi/7.0-beta
- version/vmware esxi/7.0-update_1
- version/vmware esxi/7.0-update_1a
- version/vmware esxi/7.0-update_1b
- version/vmware esxi/7.0-update_1c
- version/vmware esxi/7.0-update_1d
- version/vmware esxi/7.0-update_1e
- version/vmware esxi/7.0-update_2
- version/vmware esxi/7.0-update_2a
- version/vmware esxi/7.0-update_2c
- version/vmware esxi/7.0-update_2d
- version/vmware esxi/7.0-update_2e
- version/vmware esxi/7.0-update_3c
- version/vmware esxi/7.0-update_3d
- version/vmware esxi/7.0-update_3e