CVE-2024-22253

CRITICAL EXPLOITED RANSOMWARE

VMware ESXi, Workstation, and Fusion - Use After Free

Description

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it may lead to code execution on the machine where Workstation or Fusion is installed.

Scores

CVSS v3 9.3
EPSS 0.0008
EPSS Percentile 23.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-09-11
Ransomware Use Confirmed

Classification

CWE
CWE-416
Status published

Affected Products (37)

vmware/esxi
vmware/cloud_foundation < 5.0
vmware/workstation < 17.5.1
... and 22 more

Timeline

Published Mar 05, 2024
Tracked Since Feb 18, 2026