CVE-2024-22255
published 2024-03-05CVE-2024-22255: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access…
high7.1CVSS 3.1
AVLACLPRNUINSCCHINAN
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | 4.0 – 5.0 | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | >= 13.0.0 < 13.5.1 | 13.5.1 |
| vmware | workstation | >= 17.0.0 < 17.5.1 | 17.5.1 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vulncheck7.1HIGH