CVE-2021-22040
published 2022-02-16CVE-2021-22040: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 3.11 | 3.11 |
| vmware | cloud_foundation | >= 4.0 < 4.4 | 4.4 |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | >= 12.0.0 < 12.2.1 | 12.2.1 |
| vmware | workstation_player | >= 16.0.0 < 16.2.1 | 16.2.1 |
| vmware | workstation_pro | >= 16.0.0 < 16.2.1 | 16.2.1 |