VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks

CVE-2024-22273
8.1 HIGH

Key Information

Vendor
VMware
Status
VMware ESXi
VMware Workstation
VMware Fusion
VMware Cloud Foundation (ESXi)
Vendor
CVE Published: 21 May 2024

Summary

The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial-of-service condition or, in conjunction with other issues, execute code on the hypervisor from a virtual machine.

Affected Version(s)

VMware ESXi < 8.0

VMware ESXi < 7.0

VMware Workstation < 17.5.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database