VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read in USB CCID
CVE-2024-22251
5.9MEDIUM
Key Information
- Vendor
- VMware
- Status
- Vmware Workstation
- Vmware Fusion
- Vendor
- CVE Published:
- 29 February 2024
Summary
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
Affected Version(s)
VMware Workstation < 17.5.1
VMware Fusion < 13.5.1
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database