CVE-2023-34044Out-of-bounds Read in Vmware Fusion

CWE-125Out-of-bounds Read4 documents4 sources
Severity
6.0MEDIUMNVD
CNA7.1
EPSS
0.0%
top 88.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware FusionVmware Workstation
Timeline
PublishedOct 20

Description

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages4 packages

CVEListV5vmware/fusion13.x13.5
NVDvmware/fusion13.0.013.5
CVEListV5vmware/workstation17.x17.5
NVDvmware/workstation17.0.017.5

🔴Vulnerability Details

2
CVEList
Information disclosure vulnerability in bluetooth device-sharing functionality2023-10-20
GHSA
GHSA-mj48-4fj3-6fjg: VMware Workstation( 172023-10-20

📋Vendor Advisories

1
VMware
VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)2023-10-19
CVE-2023-34044 — Out-of-bounds Read in Vmware Fusion | cvebase