VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read in USB CCID
CVE-2024-22251
5.9MEDIUM
Key Information:
- Vendor
- VMware
- Vendor
- CVE Published:
- 29 February 2024
Summary
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
Affected Version(s)
VMware Fusion MacOS 13.x < 13.5.1
VMware Workstation Windows 17.x < 17.5.1
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved