USN-7714-1: Open VM Tools vulnerabilities
Publication date
24 August 2025
Overview
Several security issues were fixed in Open VM Tools.
Releases
Packages
- open-vm-tools - Open VMware Tools for virtual machines hosted on VMware
Details
Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)
Dolev Farhi discovered that Open VM Tools incorrectly handled certain file
permissions. A local attacker could possibly use this issue to setup a
symlink
attack and override files without authorization. (CVE-2014-4199)
Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)
Dolev Farhi discovered that Open VM Tools incorrectly handled certain file
permissions. A local attacker could possibly use this issue to setup a
symlink
attack and override files without authorization. (CVE-2014-4199)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 trusty | open-vm-tools – 2:9.4.0-1280544-5ubuntu6.4+esm1 | ||
| open-vm-tools-desktop – 2:9.4.0-1280544-5ubuntu6.4+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.