Published: 04/01/2022 Updated: 21/11/2024

Heap-Overflow Exploit in VMware CD-ROM Emulation Leads to RCE

VMware ESXi (versions 7.0, 6.7 before ESXi670-202111101-SG, and 6.5 before ESXi650-202110101-SG), VMware Workstation (version 16.2.0), and VMware Fusion (version 12.2.0) have a heap-overflow vulnerability in the CD-ROM device emulation. A malicious actor who can access a virtual machine with CD-ROM device emulation could exploit this vulnerability, along with other issues, to run code on the hypervisor from the virtual machine.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware cloud foundation
vmware workstation
vmware fusion
vmware esxi 6.5
vmware esxi 6.7
vmware esxi 7.0

CWE-787 https://nvd.nist.gov https://www.zerodayinitiative.com/advisories/ZDI-22-003/https://www.first.org/epss http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html https://www.vmware.com/security/advisories/VMSA-2022-0001.html https://www.zerodayinitiative.com/advisories/ZDI-22-003/http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html https://www.vmware.com/security/advisories/VMSA-2022-0001.html https://www.zerodayinitiative.com/advisories/ZDI-22-003/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-22045

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect