- 73/2024
- Critical
VMware has released security updates to address several vulnerabilities across multiple VMware products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, or execute arbitrary code and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. VMware Workstation/Fusion Use-after-free Vulnerability in XHCI USBController (CVE-2024-22252):
- CVSS: 9.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability in UHCI USB Controller (CVE-2024-22255):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Affected products:
- VMware ESXi.
- VMware Workstation Pro / Player (Workstation).
- VMware Fusion Pro / Fusion (Fusion).
- VMware Cloud Foundation (Cloud Foundation).
Vulnerabilities
- CVE-2024-22251
- CVE-2024-22252
- CVE-2024-22253
- CVE-2024-22254
- CVE-2024-22255
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.