CVE-2024-22255 — Allocation of Resources Without Limits or Throttling in Vmware Esxi

CWE-770 — Allocation of Resources Without Limits or Throttling6 documents6 sources

Severity

7.1HIGHNVD

EPSS

6.4%

top 8.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Esxi Vmware Fusion Vmware Workstation +5 more

Timeline

PublishedMar 5

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.5 | Impact: 4.0

Affected Packages8 packages

▶NVDvmware/fusion13.0.0 — 13.5.1

▶CVEListV5vmware/vmware_esxi8.0 — ESXi80U2sb-23305545+2

▶NVDvmware/workstation17.0.0 — 17.5.1

▶CVEListV5vmware/vmware_fusion13.x — 13.5.1

▶CVEListV5vmware/vmware_workstation17.x — 17.5.1

🔴Vulnerability Details

GHSA

GHSA-3hfr-246f-6fxv: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller↗2024-03-05

▶

CVEList

Information disclosure vulnerability↗2024-03-05

▶

VulnCheck

VMware ESXi, Workstation, and Fusion UHCI USB Controller Vulnerability↗2024

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)↗2024-03-05

▶