VMSA-2022-0002: VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability
1. Impacted Products
- VMware Workstation Pro / Player (Workstation)
- VMware Horizon Client for Windows
2. Introduction
A denial-of-service vulnerability in VMware Workstation and Horizon Client for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. Denial-of-service vulnerability via Cortado ThinPrint (CVE-2022-22938)
Description
VMware Workstation and Horizon Client for Windows contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. VMware has evaluated the severity of the issue to be in the Moderate severity range with a CVSSv3 base score of 4.0.
Known Attack Vectors
A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
Resolution
To remediate CVE-2022-22938, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.
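The following is an added triage helper, not VMware's code: it takes an inventory of hosts and, using the fixed versions from the References section and the virtual-printing defaults from the Notes above, reports which installs still need the patch. It assumes that any version below the fixed version is affected (the advisory does not list affected versions) and that an un-inventoried virtual-printing setting is at its product default; the inventory records are constructed sample data.

```python
"""Triage helper for VMSA-2022-0002 / CVE-2022-22938 (added example, not VMware code)."""
from dataclasses import dataclass
from typing import Optional

# Fixed versions from the advisory's References section.
FIXED_VERSIONS = {
    "VMware Workstation Pro": (16, 2, 2),
    "VMware Workstation Player": (16, 2, 2),
    "VMware Horizon Client for Windows": (5, 5, 3),
}
# Default state of virtual printing per the advisory's Notes section.
VIRTUAL_PRINTING_DEFAULT = {
    "VMware Workstation Pro": False,
    "VMware Workstation Player": False,
    "VMware Horizon Client for Windows": True,
}


def parse_version(text: str) -> tuple:
    """'16.2.1 build-18811642' -> (16, 2, 1); build suffixes are ignored."""
    head = text.strip().split()[0]
    return tuple(int(p) for p in head.split(".") if p.isdigit())


@dataclass
class Host:
    name: str
    product: str
    version: str
    virtual_printing: Optional[bool] = None  # None = not inventoried, assume product default


def triage(host: Host) -> str:
    """Classify one host: fixed, not-in-scope, or vulnerable (exposed / not exposed)."""
    fixed = FIXED_VERSIONS.get(host.product)
    if fixed is None:
        return "not-in-scope"
    # Assumption: every version below the fixed version is affected.
    if parse_version(host.version) >= fixed:
        return "fixed"
    printing = host.virtual_printing
    if printing is None:
        printing = VIRTUAL_PRINTING_DEFAULT[host.product]
    # Exploitation requires virtual printing to be enabled (advisory Notes).
    return "vulnerable-exposed" if printing else "vulnerable-not-exposed"


def triage_inventory(hosts) -> dict:
    """Map host name -> triage status for a whole inventory."""
    return {h.name: triage(h) for h in hosts}
```

Feed it the product names and version strings your asset inventory exports; hosts reported as "vulnerable-not-exposed" still need the patch, they are simply not reachable through this issue until virtual printing is turned on.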
Acknowledgements
VMware would like to thank Gabriel Durdiak, a former intern of Quarkslab for reporting this issue to us.
Response Matrix
Product                           | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
VMware Workstation Pro            | CVE-2022-22938 | 4.0    | Moderate | 16.2.2        | None        | None
VMware Workstation Player         | CVE-2022-22938 | 4.0    | Moderate | 16.2.2        | None        | None
VMware Horizon Client for Windows | CVE-2022-22938 | 4.0    | Moderate | 5.5.3         | None        | None
4. References
Fixed Version(s) and Release Notes:
VMware Workstation Pro 16.2.2
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=WKST-1622-WIN&productId=1038&rPId=82543
https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.2/rn/VMware-Workstation-1622-Pro-Release-Notes.html
VMware Workstation Player 16.2.2
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1622&productId=1039&rPId=82555
https://docs.vmware.com/en/VMware-Workstation-Player/16.2.2/rn/VMware-Workstation-1622-Player-Release-Notes.html
VMware Horizon Client 5.5.3
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=CART23FQ1_WIN_553&productId=863&rPId=83368
https://docs.vmware.com/en/VMware-Horizon-Client-for-Windows/5.5.3/rn/VMware-Horizon-Client-for-Windows-553-Release-Notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22938
FIRST CVSSv3 Calculator:
CVE-2022-22938 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5. Change Log
2022-01-18 VMSA-2022-0002
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2022 VMware Inc. All rights reserved.