CVE-2024-22252 VMware ESXi, Workstation RCE on HOST
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion
By Bill Toulas, March 6, 2024 10:39 AM
VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. These types of flaws are critical as they could permit attackers to gain unauthorized access to the host system where a hypervisor is installed or acces...
Critical vulns in USB under ESXi and desktop hypervisors found by Chinese researchers at cracking contest
Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like. In a security advisory the Broadcom business unit warned of four flaws. The nastiest two – CVE-2024-22252 and 22253 – are rated 9.3/10 on VMware's Workstation and Fusion desktop hypervisors and 8.4 on the ESXi server hypervisor. The flaws earned those ratings as t...