CVE-2024-22267

CWE-416 — Use After Free4 documents4 sources

Severity

8.2HIGH

EPSS

0.1%

top 70.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NA Vmware Workstation Vmware Fusion Vmware Workstation

Timeline

PublishedMay 14

Description

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.5 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5vmware_fusion13.x — 13.5.2

▶NVDvmware/fusion13.0.0 — 13.5.2

▶NVDvmware/workstation17.0.0 — 17.5.2

▶CVEListV5na/vmware_workstation17.x — 17.5.2

🔴Vulnerability Details

CVEList

CVE-2024-22267: VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device↗2024-05-14

▶

GHSA

GHSA-mcxh-3pw2-4rmg: VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device↗2024-05-14

▶

🕵️Threat Intelligence

Bleepingcomputer

VMware fixes three zero-day bugs exploited at Pwn2Own 2024↗2024-05-14

▶