
VMware updates address multiple security vulnerabilities

Attention all users of VMware ESXi, Workstation, and Fusion!

We have important news to share regarding a recent issue that may affect your operations.
Please read on to understand the situation and what steps you should take.

You are affected by these vulnerabilities if you run certain versions of:

  • VMware ESXi
  • VMware Workstation Pro / Player
  • VMware Fusion Pro / Fusion
  • VMware Cloud Foundation

VMware is alerting users to critical vulnerabilities that could allow attackers to bypass sandbox and hypervisor protections across all versions of VMware ESXi, Workstation, Fusion, and Cloud Foundation, including versions that are no longer supported. These vulnerabilities, two of which carry a severity rating of 9.3, pose a significant threat because they undermine the core security purpose of VMware products: isolating sensitive operations inside virtual machines from the host environment.

Described as an “emergency change” under VMware’s IT Infrastructure Library (ITIL) process, the company urges organizations to take prompt action to mitigate the risks posed by these vulnerabilities. A detailed advisory lists the impacted products and the individual vulnerabilities: CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255.

The vulnerabilities mainly affect the USB controllers the products use to support peripheral devices such as keyboards and mice, and the advisory outlines an exploitation scenario for each. VMware advises customers to apply the patches promptly. A temporary workaround is to remove the USB controllers from vulnerable virtual machines, though doing so may impact virtual console functionality (keyboard and mouse input through the console).

CVE-2024-22252 is a critical use-after-free vulnerability in the XHCI USB controller, enabling a user with local administrative privileges on a virtual machine to execute code within the VMX process on the host, with potential code execution on the host machine in Workstation and Fusion.

CVE-2024-22253 is a critical use-after-free vulnerability in the UHCI USB controller. Similar to CVE-2024-22252, it allows a user with local administrative privileges to execute code within the VMX process on the host.

CVE-2024-22254 is an out-of-bounds write vulnerability with a maximum CVSSv3 base score of 7.9. It enables an individual who already has privileges within the VMX process to trigger an out-of-bounds write, potentially resulting in a sandbox escape.

CVE-2024-22255 involves an information disclosure vulnerability in the UHCI USB controller, with a maximum CVSSv3 base score of 7.1. An individual with administrative access to a virtual machine can exploit this vulnerability to leak memory from the VMX process.
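To make the workaround above auditable, here is an added example (written for this post; it is not VMware's or Xiologix's code) that parses the text of one or more .vmx configuration files, reports which USB controllers are still enabled on each VM, and maps each enabled controller to the CVEs this post ties to it (xHCI → CVE-2024-22252; UHCI → CVE-2024-22253 and CVE-2024-22255; CVE-2024-22254 is not tied to a specific controller and is therefore not mapped). It assumes the standard VMX keys usb.present (USB 1.1 / UHCI), ehci.present (USB 2.0) and usb_xhci.present (USB 3.x / xHCI) control the controllers; the sample VMX contents are constructed for the example.

```python
"""Audit .vmx configuration text for enabled USB controllers.

Added example, not VMware or Xiologix code. Helps an administrator see which
VMs still expose a USB controller (and so still need the patch or the
"remove USB controllers" interim workaround from VMSA-2024-0006.1).
"""
import re
from typing import Dict, List

# Assumed VMX keys -> (human label, CVEs this post ties to that controller).
USB_CONTROLLER_KEYS = {
    "usb.present": ("UHCI (USB 1.1)", ["CVE-2024-22253", "CVE-2024-22255"]),
    "ehci.present": ("EHCI (USB 2.0)", []),
    "usb_xhci.present": ("xHCI (USB 3.x)", ["CVE-2024-22252"]),
}

# VMX lines look like:  key = "value"   (comments start with '#')
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"?([^"]*)"?\s*$')

# Constructed sample .vmx contents (not real inventory data).
SAMPLE_VMX = {
    "web-01.vmx": (
        '.encoding = "UTF-8"\n'
        'config.version = "8"\n'
        'displayName = "web-01"\n'
        'usb.present = "TRUE"\n'
        'usb_xhci.present = "TRUE"\n'
        'usb_xhci.pciSlotNumber = "192"\n'
    ),
    "db-01.vmx": (
        'displayName = "db-01"\n'
        '# USB controllers removed as interim workaround\n'
        'usb.present = "FALSE"\n'
    ),
    "legacy-01.vmx": (
        'displayName = "legacy-01"\n'
        'usb.present = "TRUE"\n'
        'ehci.present = "TRUE"\n'
    ),
}


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse key = "value" lines into a dict (keys lower-cased, comments skipped)."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _VMX_LINE.match(line)
        if match:
            cfg[match.group(1).lower()] = match.group(2).strip()
    return cfg


def enabled_usb_controllers(cfg: Dict[str, str]) -> List[str]:
    """Labels of USB controllers whose *.present key is set to TRUE."""
    return [label for key, (label, _cves) in USB_CONTROLLER_KEYS.items()
            if cfg.get(key, "FALSE").upper() == "TRUE"]


def relevant_cves(cfg: Dict[str, str]) -> List[str]:
    """Sorted CVEs (from this post's breakdown) that apply to the enabled controllers."""
    found = set()
    for key, (_label, cves) in USB_CONTROLLER_KEYS.items():
        if cfg.get(key, "FALSE").upper() == "TRUE":
            found.update(cves)
    return sorted(found)


def audit(vmx_by_name: Dict[str, str]) -> Dict[str, dict]:
    """Per-VM report: enabled controllers, mapped CVEs, and whether the workaround is in place."""
    report = {}
    for name, text in vmx_by_name.items():
        cfg = parse_vmx(text)
        controllers = enabled_usb_controllers(cfg)
        report[name] = {
            "display_name": cfg.get("displayname", name),
            "controllers": controllers,
            "cves": relevant_cves(cfg),
            "workaround_applied": not controllers,
        }
    return report


if __name__ == "__main__":
    for name, entry in audit(SAMPLE_VMX).items():
        status = "OK (no USB controller)" if entry["workaround_applied"] else "NEEDS PATCH/WORKAROUND"
        print(f"{entry['display_name']:<12} {status:<24} "
              f"controllers={entry['controllers']} cves={entry['cves']}")
```

To run it against a real environment, read each VM's .vmx file (for example from a datastore or a Workstation VM directory) and pass the contents to `audit()` keyed by file name; VMs reported with an empty controller list have the interim workaround applied, while the rest should be patched.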

While Broadcom, VMware’s parent company, emphasizes the importance of patching these vulnerabilities to prevent exploitation, there is currently no evidence of active attacks exploiting them. Please take the steps outlined in this blog post to ensure your VMware environment remains secure. For expert assistance in securing your VMware environment and addressing these critical vulnerabilities, reach out to Xiologix!

For more detailed information, refer to the VMware advisory: VMSA-2024-0006.1 (vmware.com)

Stay vigilant, stay secure!