Use-after-free vulnerability
CVE-2024-22252

9.3 CRITICAL

Key Information:

Vendor: VMware
CVE Published: 5 March 2024

Badges

Trended | Score: 3,290 | Exploit Exists | News Worthy

What is CVE-2024-22252?

CVE-2024-22252 is a critical vulnerability found in VMware's virtualization products, specifically ESXi, Workstation, and Fusion. This flaw arises from a use-after-free condition in the XHCI USB controller. If exploited, this vulnerability enables a malicious actor with local administrative access on a virtual machine to execute arbitrary code within the context of the VMX process that operates on the host system. The ramifications of this vulnerability could be severe, as it allows for unauthorized access and control over the affected host or virtual machines, threatening data integrity and privacy across organizational environments that utilize VMware's virtualization solutions.

Technical Details

The vulnerability is classified as a use-after-free issue, in which software accesses a memory resource after it has been released. In the case of CVE-2024-22252, the issue lies in the XHCI USB controller used in VMware ESXi, Workstation, and Fusion. Exploitation requires local administrative privileges on a virtual machine and allows an attacker to execute code as the VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion, successful exploitation could potentially extend to the host machine itself. This presents a significant risk to environments that rely on VMware for virtualization, as it could lead to broader system compromise.
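Because the flaw sits in the virtual XHCI USB controller, a useful first triage step is to list which virtual machines have that controller configured, so patching can be prioritised. The following is an added example, not code from this page or from VMware: it assumes the VMX configuration key `usb_xhci.present` marks the virtual xHCI controller (the key name is not given on this page), treats keys case-insensitively, and runs over constructed sample .vmx contents.

```python
import re

# Constructed sample .vmx contents (not taken from any real system).
SAMPLE_VMX = {
    "build-agent.vmx": 'displayName = "build-agent"\nusb.present = "TRUE"\n'
                       'usb_xhci.present = "TRUE"\n',
    "db01.vmx": '# USB 3 controller disabled\ndisplayName = "db01"\n'
                'usb_xhci.present = "FALSE"\n',
    "web02.vmx": 'displayName = "web02"\nethernet0.present = "TRUE"\n',
    "legacy.vmx": 'displayname = "legacy"\nUSB_XHCI.Present = "true"\n',
}

# A .vmx file is a flat list of key = "value" lines; '#' starts a comment.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return the settings of one .vmx file as a dict with lower-cased keys."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def has_xhci(cfg):
    """True when the VM has a virtual xHCI controller enabled.

    Assumption: 'usb_xhci.present' is the key for that controller.
    A missing key is treated as 'no controller'.
    """
    return cfg.get("usb_xhci.present", "false").strip().lower() == "true"


def exposed_vms(vmx_files):
    """Return (file name, display name) for every VM with xHCI enabled."""
    hits = []
    for name, text in sorted(vmx_files.items()):
        cfg = parse_vmx(text)
        if has_xhci(cfg):
            hits.append((name, cfg.get("displayname", "?")))
    return hits


if __name__ == "__main__":
    for path, display in exposed_vms(SAMPLE_VMX):
        print(f"{path}: {display} has a virtual xHCI controller")
```

To run it against real files, replace `SAMPLE_VMX` with a mapping of file names to the text of each .vmx file collected from the datastore or VM folder.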

Impact of the Vulnerability

  1. Remote Code Execution: Successful exploitation of CVE-2024-22252 could allow attackers to execute arbitrary code on the affected system, potentially leading to full control over the virtual machines and host systems running VMware products.

  2. Data Breach Risk: Through remote code execution, attackers could gain access to sensitive data stored within either the virtual machines or the underlying host, significantly increasing the likelihood of data breaches and unauthorized data access.

  3. System Instability and Integrity Compromise: The ability to execute malicious code could disrupt normal operations on the host and virtual machines, leading to potential service outages, impaired business continuity, and the corruption of important processes and data within the organizational environment.

Affected Version(s)

VMware Cloud Foundation 5.x

VMware Cloud Foundation 4.x

VMware ESXi 8.0

News Articles

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

VMware ESXi, Workstation, Fusion, and Cloud Foundation all affected.

11 months ago

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.

11 months ago

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Exploit known to exist

  • Vulnerability started trending

  • First article discovered by Beeping Computers

  • Vulnerability published

  • Vulnerability Reserved
