CVE-2022-31705

HIGH

VMware Workstation 16.0.0-16.2.4 - Heap Out-of-bounds Write in USB 2.0 Controller

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31705. PoCs published by s0duku.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-31705, targeting a memory corruption vulnerability in VMware Workstation's EHCI USB controller emulation. The exploit triggers an out-of-bounds write by manipulating USB device structures in guest memory.

Description

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Exploits (1)

nomisec WORKING POC 119 stars
by s0duku · poc
https://github.com/s0duku/cve-2022-31705

This repository contains a proof-of-concept exploit for CVE-2022-31705, targeting a memory corruption vulnerability in VMware Workstation's EHCI USB controller emulation. The exploit triggers an out-of-bounds write by manipulating USB device structures in guest memory.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: VMware Workstation 16.2.0
No auth needed
Prerequisites: VMware Workstation 16.2.0 · Ubuntu Server 22 guest OS · At least one USB device attached to the guest
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.2
EPSS 0.0155
EPSS Percentile 72.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (4)
vmware/esxi 7.0 (18 CPE variants)
vmware/esxi 8.0
vmware/fusion 12.0.0 - 12.2.5
vmware/workstation 16.0.0 - 16.2.5
Published Dec 14, 2022
Tracked Since Feb 18, 2026