Heap Overflow Vulnerability in VMware ESXi and Workstation Products
CVE-2021-22045

7.8HIGH

Key Information:

Vendor
Vmware
Status
Vmware Esxi, Vmware Workstation And Vmware Fusion
Vendor
CVE Published:
4 January 2022

Summary

A heap overflow vulnerability exists in VMware ESXi, Workstation, and Fusion related to CD-ROM device emulation. Malicious actors with access to a vulnerable virtual machine could exploit this flaw, potentially leading to code execution on the hypervisor. Products affected include VMware ESXi versions 7.0, 6.7 (prior to ESXi670-202111101-SG), 6.5 (prior to ESXi650-202110101-SG), VMware Workstation 16.2.0, and VMware Fusion 12.2.0, emphasizing the need for prompt updates and security measures.

Affected Version(s)

VMware ESXi, VMware Workstation and VMware Fusion VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0)

References

https://www.vmware.com/security/advisories/VMSA-2022-0001...
x_refsource_MISC
http://packetstormsecurity.com/files/165440/VMware-Securi...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-003/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.