CVE-2021-22045
published 2022-01-04CVE-2021-22045: VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a…
high7.8CVSS 3.1
AVLACHPRLUINSCCHIHAH
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | 3.0 – 3.10.2.2 | — |
| vmware | cloud_foundation | 4.0 – 4.3.1 | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | >= 12.0.0 < 12.2.0 | 12.2.0 |
| vmware | workstation | >= 16.0.0 < 16.2.0 | 16.2.0 |