VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

2024-03-06 07:20

VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems. "A

News URL

https://thehackernews.com/2024/03/vmware-issues-security-patches-for-esxi.html

#esxi #security #vmware #CVE-2024-22252 #CVE-2024-22253

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-05	CVE-2024-22253	VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.	0.0
2024-03-05	CVE-2024-22252	VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Vmware		186	83	403	203	107	796