How severe is CVE-2022-34892?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-34892?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2022-34892 - HIGH Severity | CVSS 7.8

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396.

Related Vulnerabilities

CVE-2014-9914

HIGH

CVSS:7.8(High)

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by l...

CWE-3622014

CVE-2016-3914

HIGH

CVSS:7.8(High)

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attacke...

CWE-3622016

CVE-2016-7911

HIGH

CVSS:7.8(High)

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted iopr...

CWE-3622016

CVE-2016-8655

HIGH

CVSS:7.8(High)

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability...

CWE-3622016

CVE-2016-9038

HIGH

CVSS:7.8(High)

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corr...

CWE-3622016

CVE-2016-9794

HIGH

CVSS:7.8(High)

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or p...

CWE-3622016