CVE-2024-22254Out-of-bounds Write in Vmware Esxi

CWE-787Out-of-bounds Write6 documents6 sources
Severity
8.2HIGHNVD
CNA7.9VulnCheck7.9
EPSS
0.3%
top 47.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Vmware EsxiVmware Cloud FoundationVmware Cloud Foundation+1 more
Timeline
PublishedMar 5

Description

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages4 packages

CVEListV5vmware/vmware_esxi8.0ESXi80U2sb-23305545+2
NVDvmware/esxi7.0, 7.0.0, 8.0+2
NVDvmware/cloud_foundation4.05.0
CVEListV5vmware/vmware_cloud_foundation4.x, 5.x+1

🔴Vulnerability Details

3
GHSA
GHSA-mw76-72hw-4357: VMware ESXi contains an out-of-bounds write vulnerability2024-03-05
CVEList
Out-of-bounds write vulnerability2024-03-05
VulnCheck
VMware ESXi Out-of-bounds Write Vulnerability2024

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)2024-03-05
CVE-2024-22254 — Out-of-bounds Write in Vmware Esxi | cvebase