
VMware releases patches for critical vulnerabilities enabling attackers to break out of virtual machines


VMware recently addressed several security flaws that could potentially allow attackers to execute malicious code on the host system from within a virtual machine. These vulnerabilities affect the virtualized USB controllers used in VMware hypervisors, including VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud Foundation.

The security patches released by VMware this week specifically target two use-after-free memory vulnerabilities in the UHCI USB and XHCI USB controllers, identified as CVE-2024-22252 and CVE-2024-22253. These vulnerabilities, rated at 9.3 out of 10 on the CVSS severity scale, could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code within the VMX process running on the host.

According to VMware, exploitation of these vulnerabilities is contained within the VMX sandbox on ESXi, but on Workstation and Fusion it could result in code execution on the machine where the software is installed. Even the sandboxed environment of ESXi is not a complete barrier, however: an additional out-of-bounds write vulnerability, identified as CVE-2024-22254 and rated with a severity of 7.9, makes an escape from the VMX sandbox possible and poses risks of remote code execution.

In addition to these critical vulnerabilities, VMware also patched a fourth flaw in the UHCI USB controller, known as CVE-2024-22255, which could be exploited to leak memory from the VMX process. This information disclosure vulnerability is rated at 7.1 on the severity scale.
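As an added example (not from VMware or the original article), the following inventory check reads `.vmx` configuration text and reports which VMs have the virtual UHCI or XHCI controller enabled, so patching can be prioritised for them. The key names `usb.present` and `usb_xhci.present` and the sample configurations are assumptions of this example, not details taken from the article.

```python
import re
import sys

# Assumed .vmx keys for the two controller types the article names.
USB_KEYS = {"usb.present": "UHCI", "usb_xhci.present": "XHCI"}
_SETTING = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"([^"]*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased, comments skipped."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = _SETTING.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings

def usb_controllers(text):
    """Return the sorted names of virtual USB controllers enabled in a .vmx."""
    settings = parse_vmx(text)
    return sorted(name for key, name in USB_KEYS.items()
                  if settings.get(key, "").lower() == "true")

# Constructed sample configurations (not real VMs).
SAMPLE_WITH_USB = '''.encoding = "UTF-8"
displayName = "build-agent-01"
usb.present = "TRUE"
usb_xhci.present = "TRUE"
ethernet0.present = "TRUE"
'''
SAMPLE_WITHOUT_USB = '''displayName = "db-replica-02"
# usb.present = "TRUE"
usb.present = "FALSE"
ethernet0.present = "TRUE"
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Paths to .vmx files given on the command line.
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as handle:
                found = usb_controllers(handle.read())
            print(f"{path}: {', '.join(found) or 'no virtual USB controller'}")
    else:
        print("sample:", usb_controllers(SAMPLE_WITH_USB))
```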

It is worth noting that threat actors have previously targeted vulnerabilities in virtualization products to carry out cyber attacks, such as deploying ransomware. For instance, a Chinese cyberespionage group was found to have exploited a critical remote code execution vulnerability in VMware vCenter Server for over a year before it was eventually patched in October of the previous year.

These recent security patches from VMware highlight the ongoing importance of maintaining and updating virtualization software to protect against potential security threats. As the virtualization landscape continues to evolve, it is crucial for organizations and individuals to stay vigilant and prioritize cybersecurity measures to safeguard their systems and sensitive data.

In conclusion, the vulnerabilities in VMware’s USB controllers serve as a reminder of the constant threat posed by cyber attacks and the critical need for proactive security measures to mitigate risks and protect virtualized environments from potential breaches and exploits.
