You are currently viewing VMWare Catches New Critical ESXi Sandbox Escape Bugs

VMWare Catches New Critical ESXi Sandbox Escape Bugs

  • Post author:
  • Reading time:4 mins read

VMWare’s latest advisory reveals four new vulnerabilities affecting its ESXi, Workstation, Fusion, and Cloud Foundation products. Each vulnerability has been patched, with support even being extended for end-of-life products – an unusual but vital decision for this unprecedented situation.

Solutions such as vulnerability management software and patch management software will detect and automatically fix vulnerabilities. You can read more about this in the final section of the blog. For now, let’s take a look at the technical details of the aforementioned bugs.

Technical Details

CVE-2024-22252 and CVE-2024-22253: Use-after-free vulnerabilities, both rated critical at 9.3, in the XHCI and UHCI USB controllers respectively. An attacker with local administrative access on a virtual machine can execute code as the virtual machine’s VMX process running on the host. On ESXi, exploitation stays within the sandbox. However, on Workstation and Fusion, this could lead to code execution on the machine.

CVE-2024-22254: An out-of-bounds write vulnerability in ESXi rated important at 7.9. An attacker with VMX process privileges can trigger an out-of-bounds write leading to a sandbox escape.

CVE-2024-22255: An information disclosure vulnerability rated important at 7.9 in the UHCI USB controller. An attacker with administrative access to a virtual machine can leak memory from the vmx process.  

Impact and Products Affected

Two of the four vulnerabilities could potentially allow an attacker to execute code as the VMX process of the virtual machine. The products affected include:

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation (Cloud Foundation)

Solutions

For workarounds and patch details, refer to the VMWare advisory. All fixed versions (including the EOL ones) can be found in the response matrix.

You can install these patches using SanerNow. SanerNow Vulnerability Management, Risk Prioritization, and Patch Management detect and automatically fix vulnerabilities with risk-based remediation. With SanerNow, you can keep your systems updated and secure.

Have any questions on how to fix these CVEs specific to your IT? Let’s discuss.