CVE-2022-31705
HIGHVMware Workstation 16.0.0-16.2.4 - Heap Out-of-bounds Write in USB 2.0 Controller
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-31705. PoCs published by s0duku.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-31705, targeting a memory corruption vulnerability in VMware Workstation's EHCI USB controller emulation. The exploit triggers an out-of-bounds write by manipulating USB device structures in guest memory.
Description
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2022-31705, targeting a memory corruption vulnerability in VMware Workstation's EHCI USB controller emulation. The exploit triggers an out-of-bounds write by manipulating USB device structures in guest memory.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H