CVE-2024-22252

CRITICAL EXPLOITED RANSOMWARE

VMware ESXi, Workstation, and Fusion - Use After Free

Title source: llm

Exploitation Summary

CVE-2024-22252 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

References (1)

Core 1

Core References

Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Scores

CVSS v3 9.3

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2024-09-11

Ransomware Use Confirmed

CWE

CWE-416

Status published

Products (5)

vmware/esxi 7.0 (25 CPE variants)

vmware/esxi 7.0.0 b

vmware/esxi 8.0 (8 CPE variants)

vmware/fusion 13.0.0 - 13.5.1

vmware/workstation 17.0.0 - 17.5.1

Published Mar 05, 2024

Tracked Since Feb 18, 2026