CVE-2024-22268

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 74.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation

Timeline

PublishedMay 14

Description

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.5 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5vmware_fusion13.x — 13.5.2

▶NVDvmware/fusion13.0.0 — 13.5.2

▶CVEListV5vmware_workstation17.x — 17.5.2

▶NVDvmware/workstation17.0.0 — 17.5.2

🔴Vulnerability Details

GHSA

GHSA-9g97-rgrc-9vhg: VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality↗2024-05-14

▶

CVEList

CVE-2024-22268: VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality↗2024-05-14

▶