Multiple security flaws in VMware Workstation and Fusion have been recently addressed by VMware through the release of patches and workarounds. These vulnerabilities, if successfully exploited, could potentially lead to the unauthorized access of privileged data, execution of arbitrary code, and denial of service attacks.
The vulnerabilities identified and patched by VMware are tracked as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, and CVE-2024-22270. Each of these vulnerabilities poses a different level of risk and severity to the impacted systems.
The first vulnerability, CVE-2024-22267, involves a use-after-free vulnerability in the vbluetooth device in VMware Workstation and Fusion. VMware assessed this vulnerability with a maximum CVSSv3 base score of 9.3, categorizing it as Critical. If exploited, a malicious actor with local administrative privileges on a virtual machine could potentially execute code as the virtual machine’s VMX process running on the host.
The second vulnerability, CVE-2024-22268, relates to a heap buffer-overflow vulnerability in the Shader functionality of VMware Workstation and Fusion. With a maximum CVSSv3 base score of 7.1, this vulnerability is considered Important. It could allow a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to trigger a denial of service condition.
The third vulnerability, CVE-2024-22269, is an information leak vulnerability in the vbluetooth device in VMware Workstation and Fusion. Rated with a maximum CVSSv3 base score of 7.1, this vulnerability falls under the Important severity level. If exploited, a hostile actor with local administrative privileges on the virtual machine could potentially access privileged data from the virtual machine’s hypervisor memory.
Lastly, CVE-2024-22270 involves a vulnerability in the Host Guest File Sharing (HGFS) feature of VMware Workstation and Fusion that could expose sensitive information. VMware determined this vulnerability to have a maximum CVSSv3 base score of 7.1, categorizing it as Important. Similar to the previous vulnerability, a malicious actor with local administrative privileges on the virtual machine could read privileged data from the hypervisor memory.
VMware has released fixes for these vulnerabilities in Workstation versions 17.x and Fusion versions 13.x, with the respective patches available in versions 17.5.2 and 13.5.2. Users of the affected VMware products are strongly advised to apply these patches promptly to mitigate the risk of exploitation and protect their systems from potential security breaches.
In conclusion, addressing these security flaws in VMware Workstation and Fusion is crucial to safeguarding the integrity and confidentiality of data stored and processed on these virtualization platforms. By promptly applying the provided patches and updates, users can enhance the security posture of their systems and minimize the risk of falling victim to malicious attacks targeting these vulnerabilities.