CVE-2024-22251

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 80.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation

Timeline

PublishedFeb 29

Description

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 1.4 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5vmware_fusion13.x — 13.5.1

▶NVDvmware/fusion13.0.0 — 13.5.1

▶CVEListV5vmware_workstation17.x — 17.5.1

▶NVDvmware/workstation17.0 — 17.5.1

🔴Vulnerability Details

GHSA

GHSA-ch34-vwch-58hx: VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device)↗2024-02-29

▶

CVEList

Out-of-bounds read vulnerability↗2024-02-27

▶

📋Vendor Advisories

VMware

VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)↗2024-02-27

▶