1. Summary

Vulnerability Name

Use-after-free vulnerability in XHCI USB controller (CVE-2024-22252)
Use-after-free vulnerability in UHCI USB controller (CVE-2024-22253)
Out-of-bounds write vulnerability in VMware ESXi (CVE-2024-22254)
Information disclosure vulnerability in UHCI USB controller (CVE-2024-22255)

Release Date

8 March, 2024

Component Name

XHCI USB controller
UHCI USB controller
VMware ESXi

Affected Versions

VMware ESXi 8.0
VMware ESXi 7.0
VMware Workstation 17.x
VMware Fusion 13.x (macOS)
VMware Cloud Foundation (ESXi) 5.x/4.x

Vulnerability Type

Use-after-free vulnerability
Out-of-bounds write vulnerability
Information disclosure vulnerability

Severity

CVSS v3 Base Score: 7.1 – 9.3 (High to Critical)

 

2. About the Vulnerabilities

2.1 Description of Affected Components

  • VMware ESXi is an enterprise-grade server virtualization product that can be installed on physical servers. ESXi is a lightweight, efficient, easy-to-manage, secure, and scalable virtualization infrastructure that helps enterprises achieve optimal utilization and management of their server resources.
  • VMware Workstation is virtualization software that allows users to run multiple operating systems simultaneously on a single physical machine for development, testing, and deployment purposes.
  • VMware Fusion is virtualization software for Mac users, enabling them to run Windows and other operating systems alongside macOS without rebooting, ideal for development and testing.
  • The VMware XHCI USB controller is a virtual USB controller that supports USB 3.0 devices in VMware virtual machines.
  • The VMware UHCI USB controller is a virtual USB controller that supports USB 1.1 devices, enabling their use in VMware virtual machines for legacy device compatibility and integration.

2.2 Description of Vulnerabilities

On March 8, 2024, Sangfor FarSight Labs received notification of four vulnerabilities in VMware products, ranging from high to critical severity. The following table provides an overview of these vulnerabilities.

| No. | Vulnerability Name | Affected Versions | Severity Level |
|---|---|---|---|
| 1 | Use-after-free vulnerability in XHCI USB controller (CVE-2024-22252) | ESXi 8.0, ESXi 7.0, Workstation 17.x, Fusion 13.x (macOS), and Cloud Foundation (ESXi) 5.x/4.x | ESXi: High (CVSS Score 8.4); Workstation/Fusion: Critical (CVSS Score 9.3) |
| 2 | Use-after-free vulnerability in UHCI USB controller (CVE-2024-22253) | ESXi 8.0, ESXi 7.0, Workstation 17.x, Fusion 13.x (macOS), and Cloud Foundation (ESXi) 5.x/4.x | ESXi: High (CVSS Score 8.4); Workstation/Fusion: Critical (CVSS Score 9.3) |
| 3 | Out-of-bounds write vulnerability in VMware ESXi (CVE-2024-22254) | ESXi 8.0, ESXi 7.0 | High (CVSS Score 7.9) |
| 4 | Information disclosure vulnerability in UHCI USB controller (CVE-2024-22255) | ESXi 8.0, ESXi 7.0, Workstation 17.x, Fusion 13.x (macOS), and Cloud Foundation (ESXi) 5.x/4.x | High (CVSS Score 7.1) |

Use-after-free vulnerability in XHCI USB controller (CVE-2024-22252)

A use-after-free vulnerability was found in the XHCI USB controller, affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Use-after-free vulnerability in UHCI USB controller (CVE-2024-22253)

A use-after-free vulnerability was found in the UHCI USB controller, affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Out-of-bounds write vulnerability in VMware ESXi (CVE-2024-22254)

An out-of-bounds write vulnerability was found in VMware ESXi. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

Information disclosure vulnerability in UHCI USB controller (CVE-2024-22255)

An information disclosure vulnerability was found in the UHCI USB controller, affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the VMX process.

3. Affected Versions

VMware ESXi 8.0

VMware ESXi 7.0

VMware Workstation 17.x

VMware Fusion 13.x (macOS)

VMware Cloud Foundation (ESXi) 5.x/4.x

4. Solutions

4.1 Remediation Solutions

4.1.1 Official Solution

VMware has released patches for affected versions to fix these vulnerabilities, and affected users are recommended to download the corresponding patches from the following link: https://www.vmware.com/security/advisories/VMSA-2024-0006.html
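
To help prioritise patching, the following script reads .vmx configuration text and reports which of the affected virtual USB controllers a virtual machine has enabled, together with the CVEs listed above for each controller. It is an added example, not part of the original advisory or of VMware's tooling; it assumes that `usb.present` enables the UHCI controller and `usb_xhci.present` enables the XHCI controller, and the sample configurations are constructed.

```python
import re

# .vmx keys that enable each affected virtual USB controller (assumed mapping),
# paired with the CVEs this advisory lists for that controller.
CONTROLLER_KEYS = {
    "usb.present": ("UHCI", ["CVE-2024-22253", "CVE-2024-22255"]),
    "usb_xhci.present": ("XHCI", ["CVE-2024-22252"]),
}

# Matches lines of the form: key = "value". Lines starting with '#' do not match.
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value}; the last assignment of a key wins.

    Keys are compared case-insensitively here (an assumption of this example).
    """
    settings = {}
    for raw in text.splitlines():
        match = _LINE.match(raw)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def usb_exposure(vmx_text):
    """Map each enabled affected controller to the CVEs listed for it."""
    settings = parse_vmx(vmx_text)
    found = {}
    for key, (name, cves) in CONTROLLER_KEYS.items():
        if settings.get(key, "FALSE").strip().upper() == "TRUE":
            found[name] = cves
    return found


# Constructed sample configurations, not taken from a real host.
SAMPLE_VMX = {
    "build-agent.vmx": 'usb.present = "TRUE"\nusb_xhci.present = "TRUE"\n',
    "legacy-app.vmx": 'USB.present = "true"\nehci.present = "TRUE"\n',
    "db01.vmx": '#usb_xhci.present = "TRUE"\nusb.present = "FALSE"\n',
}

if __name__ == "__main__":
    for name, text in SAMPLE_VMX.items():
        hits = usb_exposure(text)
        print(name, hits if hits else "no affected USB controller enabled")
```

CVE-2024-22254 is in ESXi itself rather than in a USB controller, so an ESXi host with no flagged virtual machines still needs the patch.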

5. Timeline

On March 8, 2024, Sangfor FarSight Labs received notification of multiple vulnerabilities in VMware products.

On March 8, 2024, Sangfor FarSight Labs released a vulnerability alert.

6. References

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

7. About Sangfor FarSight Labs

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
