CVE-2022-22964: 
NixOS vulnerability analysis and mitigation

VMware Horizon Agent for Linux (prior to version 22.x) contains a local privilege escalation vulnerability that allows a user to escalate to root privileges due to a vulnerable configuration file. The vulnerability was assigned CVE-2022-22964 and was disclosed in April 2022 (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, with no user interaction needed. The vulnerability can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows an attacker with local access to escalate their privileges to root level on affected Linux systems running VMware Horizon Agent. This could potentially give an attacker complete control over the affected system (SecurityWeek).

VMware has released patches to address this vulnerability. Organizations running affected versions of VMware Horizon Agent for Linux should upgrade to version 22.x or later to mitigate this security issue (NVD).