CVE-2021-22041
published 2022-02-16CVE-2021-22041: VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 3.11 | 3.11 |
| vmware | cloud_foundation | >= 4.0 < 4.4 | 4.4 |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | >= 12.0.0 < 12.2.1 | 12.2.1 |
| vmware | workstation | >= 16.0.0 < 16.2.1 | 16.2.1 |