Lmst
Login

#HeapBufferOverflow

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-05-15

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Date: May 2024
CVE: CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270
Vulnerability Type: Use-After-Free, Heap Buffer Overflow, Information Disclosure
CWE: [[CWE-416]], [[CWE-122]], [[CWE-200]]
Sources: The Hacker News, Broadcom advisory

Issue Summary

Multiple severe security vulnerabilities have been identified in VMware Workstation and Fusion products. These vulnerabilities could potentially allow threat actors to execute arbitrary code, access sensitive information, and trigger denial-of-service (DoS) conditions. The affected versions include Workstation 17.x and Fusion 13.x.

Technical Key Findings

The vulnerabilities include a use-after-free issue in the Bluetooth device (CVE-2024-22267), a heap buffer overflow in the shader functionality (CVE-2024-22268), and two information disclosure flaws (CVE-2024-22269 and CVE-2024-22270). Exploiting these vulnerabilities requires local administrative privileges on a virtual machine, potentially allowing attackers to manipulate the VM's VMX process.

  • CVE-2024-22267 (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22267|9.3|Critical|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22267|9.3|Critical|13.5.2|KB91760|None|

  • CVE-2024-22268 (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to create a DoS condition

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ------------------------------------------------ | ------------------------ |
| Workstation | 17.x | Windows | CVE-2024-22268 | 7.1 | Important | 17.5.2 | KB59146 | None |
| Fusion | 13.x | OS X | CVE-2024-22268 | 7.1 | Important | 13.5.2 | KB59146 | None |

  • CVE-2024-22269 (CVSS score: 7.1) - An information disclosure vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine== to read privileged information contained in hypervisor memory== from a virtual machine

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22269|7.1|Important|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22269|7.1|Important|13.5.2|KB91760|None|

  • CVE-2024-22270 (CVSS score: 7.1) - An information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hypervisor memory from a virtual machine

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ----------- | ------------------------ |
| Workstation | 17.x | Any | CVE-2024-22270 | 7.1 | Important | 17.5.2 | None | None |
| Fusion | 13.x | OS X | CVE-2024-22270 | 7.1 | Important | 13.5.2 | None | None |

Vulnerable Products

  • VMware Workstation versions 17.x
  • VMware Fusion versions 13.x

Impact Assessment

Exploiting these vulnerabilities could lead to significant security breaches, including arbitrary code execution on the host machine, sensitive data exposure, and system crashes. The critical nature of these flaws underscores the need for immediate remediation to prevent potential attacks.

Patches or Workarounds

VMware has released patches for these vulnerabilities in versions 17.5.2 (Workstation) and 13.5.2 (Fusion). As temporary measures, users are advised to disable Bluetooth support and 3D acceleration features on virtual machines. However, there is no workaround for CVE-2024-22270.

Tags

#VMware #CVE-2024-22267 #CVE-2024-22268 #CVE-2024-22269 #CVE-2024-22270 #UseAfterFree #HeapBufferOverflow #InformationDisclosure #Virtualization #Workstation #Fusion #SecurityPatch

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst