{"id":"CVE-2023-34059","details":"open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.","modified":"2026-04-16T04:36:37.257176663Z","published":"2023-10-27T05:15:39.013Z","related":["ALSA-2023:7265","ALSA-2023:7277","SUSE-SU-2023:4227-1","SUSE-SU-2023:4228-1","SUSE-SU-2023:4229-1","SUSE-SU-2023:4230-1","openSUSE-SU-2024:13374-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/11/27/1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2023/10/27/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/11/26/1"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5543"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/10/27/3"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html"},{"type":"ADVISORY","url":"https://www.vmware.com/security/advisories/VMSA-2023-0024.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2023/10/27/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vmware/open-vm-tools","events":[{"introduced":"801d4b7f4978945aa0fd53259011e2da6345cc43"},{"last_affected":"865e76adf86fb38380220a3b760aa92ba5407c60"},{"introduced":"0"},{"last_affected":"801d4b7f4978945aa0fd53259011e2da6345cc43"},{"introduced":"0"},{"last_affected":"b7ab96e6e38f6559cb882278a53d7a7ea5c0592c"}],"database_specific":{"versions":[{"introduced":"11.0.0"},{"last_affected":"12.3.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"0"},{"last_affected":"12.0"}]}}],"versions":["2008.02.13-77928","2008.04.04-87182","2008.05.02-90473","2008.05.15-93084","2008.05.15-93241","2008.06.03-96374","2008.06.20-100027","2008.07.01-102166","2008.10.10-123053","2008.11.18-130226","2008.12.23-137496","2009.01.21-142982","2009.02.18-148847","2009.03.18-154848","2009.04.23-162451","2009.05.22-167859","2009.06.18-172495","2009.07.22-179896","2009.08.24-187411","2009.09.18-193784","2009.10.15-201664","2009.11.16-210370","2009.12.16-217847","2010.01.19-226760","2010.02.23-236320","2010.03.20-243334","2010.04.25-253928","2010.06.16-268169","2010.07.25-280253","2010.08.24-292196","2010.09.19-301124","2010.10.18-313025","2010.11.17-327185","2010.12.19-339835","2011.01.24-354108","2011.03.28-387002","2011.04.25-402641","2011.05.27-420096","2011.06.27-437995","2011.07.19-450511","2011.08.21-471295","2011.09.23-491607","2011.10.26-514583","2011.11.20-535097","2011.12.20-562307","2012.03.13-651368","2012.05.21-724730","2012.10.14-874563","2012.12.26-958366","2013.04.16-1098359","2013.09.16-1328054","open-vm-tools-10.0.0-3000743","p4-sync-929606","stable-10.0.5","stable-11.0.0","stable-12.0.0","stable-12.3.0","stable-9.10.0","stable-9.10.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34059.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}