Use-after-free vulnerability
CVE-2024-22252
Key Information:
- Vendor: VMware
- CVE Published: 5 March 2024
What is CVE-2024-22252?
CVE-2024-22252 is a critical vulnerability found in VMware's virtualization products, specifically ESXi, Workstation, and Fusion. This flaw arises from a use-after-free condition in the XHCI USB controller. If exploited, this vulnerability enables a malicious actor with local administrative access on a virtual machine to execute arbitrary code within the context of the VMX process that operates on the host system. The ramifications of this vulnerability could be severe, as it allows for unauthorized access and control over the affected host or virtual machines, threatening data integrity and privacy across organizational environments that utilize VMware's virtualization solutions.
Technical Details
The vulnerability is classified as a use-after-free issue, where the software mistakenly accesses a memory resource after it has been released. In the case of CVE-2024-22252, the issue lies in the XHCI USB controller used in VMware ESXi, Workstation, and Fusion. Exploiting this vulnerability requires local administrative privileges on a virtual machine, allowing an attacker to execute code as the VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion, successful exploitation could potentially extend to the host machine itself. This presents a significant risk to environments that use VMware for virtualization, as it could lead to broader system compromise.
Impact of the Vulnerability
- Remote Code Execution: Successful exploitation of CVE-2024-22252 could allow attackers to execute arbitrary code on the affected system, potentially leading to full control over the virtual machines and host systems running VMware products.
- Data Breach Risk: Through remote code execution, attackers could gain access to sensitive data stored within either the virtual machines or the underlying host, significantly increasing the likelihood of data breaches and unauthorized data access.
- System Instability and Integrity Compromise: The ability to execute malicious code could disrupt normal operations on the host and virtual machines, leading to potential service outages, impaired business continuity, and the corruption of important processes and data within the organizational environment.
Affected Version(s)
VMware Cloud Foundation 5.x
VMware Cloud Foundation 4.x
VMware ESXi 8.0
News Articles
VMware sandbox escape bugs are so critical, patches are released for end-of-life products
VMware ESXi, Workstation, Fusion, and Cloud Foundation all affected.
11 months ago
VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion
VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.
11 months ago
Timeline
- Exploit known to exist
- Vulnerability started trending
- First article discovered by Beeping Computers
- Vulnerability published
- Vulnerability Reserved