Use-after-free vulnerability
CVE-2024-22252

6.7 MEDIUM

Key Information:

Vendor:
VMware
CVE Published:
5 March 2024

Badges

  • 📈 Trended
  • 📈 Score: 3,290
  • 👾 Exploit Exists
  • 📰 News Worthy

What is CVE-2024-22252?

CVE-2024-22252 is a critical vulnerability found in VMware's virtualization products, specifically ESXi, Workstation, and Fusion. This flaw arises from a use-after-free condition in the XHCI USB controller. If exploited, this vulnerability enables a malicious actor with local administrative access on a virtual machine to execute arbitrary code within the context of the VMX process that operates on the host system. The ramifications of this vulnerability could be severe, as it allows for unauthorized access and control over the affected host or virtual machines, threatening data integrity and privacy across organizational environments that utilize VMware's virtualization solutions.

Technical Details

The vulnerability is classified as a use-after-free issue, where the software mistakenly accesses a memory resource after it has been released. In the case of CVE-2024-22252, the issue lies in the XHCI USB controller used in VMware ESXi, Workstation, and Fusion. Exploiting this vulnerability requires local administrative privileges on a virtual machine, and allows an attacker to execute code as the VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion, successful exploitation could potentially extend to the host machine itself. This presents a significant risk to environments leveraging VMware for virtualization, as it could lead to broader system compromise.

Impact of the Vulnerability

  1. Remote Code Execution: Successful exploitation of CVE-2024-22252 could allow attackers to execute arbitrary code on the affected system, potentially leading to full control over the virtual machines and host systems running VMware products.

  2. Data Breach Risk: Through remote code execution, attackers could gain access to sensitive data stored within either the virtual machines or the underlying host, significantly increasing the likelihood of data breaches and unauthorized data access.

  3. System Instability and Integrity Compromise: The ability to execute malicious code could disrupt normal operations on the host and virtual machines, leading to potential service outages, impaired business continuity, and the corruption of important processes and data within the organizational environment.

Affected Version(s)

VMware Cloud Foundation 5.x

VMware Cloud Foundation 4.x

VMware ESXi 8.0

News Articles

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

VMware ESXi, Workstation, Fusion, and Cloud Foundation all affected.

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved