CVE-2024-22254

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion By Bill Toulas March 6, 2024 10:39 AM 3 VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. These types of flaws are critical as they could permit attackers to gain unauthorized access to the host system where a hypervisor is installed or acces...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Critical vulns in USB under ESXi and desktop hypervisors found by Chinese researchers at cracking contest

Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like. In a security advisory the Broadcom business unit warned of four flaws. The nastiest two – CVE-2024-22252 and 22253 – are rated 9.3/10 on VMware's Workstation and Fusion desktop hypervisors and 8.4 on the ESXi server hypervisor. The flaws earned those ratings as t...