VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks
CVE-2024-22273

8.1HIGH

Key Information:

Vendor: VMware
Status: Vmware Esxi; Vmware Workstation; Vmware Fusion; Vmware Cloud Foundation (esxi)
Vendor: CVE Published:; 21 May 2024

Summary

The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.

Affected Version(s)

VMware Cloud Foundation (ESXi) 5.x < 5.1.1

VMware Cloud Foundation (ESXi) 4.x

VMware ESXi 8.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 21, 2024
Vulnerability Reserved
Jan 8, 2024