VMware Flaws Expose Systems to Attacks & Data Theft

Four critical vulnerabilities have been identified in VMware Workstation and Fusion products, potentially allowing attackers to access confidential information, conduct DoS attacks, and execute arbitrary code.

These issues affect Workstation 17.x and Fusion 13.x versions. It is recommended to update to versions 17.5.2 and 13.5.2 respectively. Broadcom, the owner of VMware virtualization services, announced this on its official website.

Vulnerability Descriptions:

  • CVE-2024-22267 (CVSS 9.3): A use-after-free vulnerability in the Bluetooth device, exploitable by an attacker with local administrative rights on the virtual machine to execute code as the VMX process on the host.
  • CVE-2024-22268 (CVSS 7.1): A heap buffer overflow in Shader functionality, exploitable by an attacker with non-administrative access to a virtual machine with 3D graphics enabled, leading to a DoS condition.
  • CVE-2024-22269 (CVSS 7.1): An information disclosure vulnerability in the Bluetooth device, exploitable by an attacker with local administrative rights on the virtual machine to read confidential information from the hypervisor memory.
  • CVE-2024-22270 (CVSS 7.1): An information disclosure vulnerability in Host Guest File Sharing (HGFS), exploitable by an attacker with local administrative rights on the virtual machine to read privileged information from the hypervisor memory.

Users are advised to disable Bluetooth support on vulnerable virtual machines and deactivate 3D acceleration until updates are applied. For CVE-2024-22270, no temporary measures exist, making software updates essential.
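One way to find the virtual machines that still need this mitigation is to scan their .vmx configuration files. The script below is an added example, not code from the article or from VMware; it assumes that Bluetooth sharing and 3D acceleration are recorded under the .vmx keys `usb.vbluetooth.startConnected` and `mks.enable3d`, and its function names and sample file are constructed for illustration.

```python
import re
from pathlib import Path

# Assumed .vmx key names (not from the article); keys are compared case-insensitively.
WATCHED_KEYS = {
    "usb.vbluetooth.startconnected": "bluetooth",  # CVE-2024-22267, CVE-2024-22269
    "mks.enable3d": "3d_acceleration",             # CVE-2024-22268
}
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value}; the last assignment of a key wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text):
    """Map each watched feature to 'enabled', 'disabled' or 'unset'."""
    settings = parse_vmx(text)
    report = {}
    for key, feature in WATCHED_KEYS.items():
        value = settings.get(key)
        if value is None:
            report[feature] = "unset"  # no default assumed: check the VM settings
        else:
            report[feature] = "enabled" if value.strip().upper() == "TRUE" else "disabled"
    return report


def audit_tree(root):
    """Audit every .vmx file under root; returns {path: report}."""
    return {str(p): audit_vmx(p.read_text(errors="replace"))
            for p in Path(root).rglob("*.vmx")}


# Constructed sample .vmx content, not from a real VM.
SAMPLE_VMX = '''displayName = "build-vm"
usb.present = "TRUE"
usb.vbluetooth.startConnected = "TRUE"
mks.enable3d = "FALSE"
'''

if __name__ == "__main__":
    print(audit_vmx(SAMPLE_VMX))
```

A VM reported as "unset" has no explicit value in its file and should be checked in the VM settings dialog. Nothing in a .vmx file mitigates CVE-2024-22270, so the installed product version still has to be verified separately.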

Notably, CVE-2024-22267, CVE-2024-22269, and CVE-2024-22270 were first demonstrated by STAR Labs SG and Theori teams at the recent Pwn2Own contest in Vancouver.