Published on 07 Mar 2024
VMware has released security updates addressing two critical vulnerabilities (CVE-2024-22252 and CVE-2024-22253) in its ESXi, Workstation, Fusion, and Cloud Foundation products.
The vulnerabilities are:
On VMware ESXi, successful exploitation of the vulnerabilities is contained within the VMX sandbox. However, on VMware Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
The vulnerabilities affect the following products:
Users and administrators of the affected products are advised to update to the latest versions immediately.
Users and administrators who are unable to update their affected products immediately are advised to remove all USB controllers from the virtual machine as a workaround.
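To confirm that the workaround has actually been applied, the script below (an added example, not part of the original advisory or VMware's tooling) reads `.vmx` configuration files and reports any USB controller still enabled. The key names `usb.present`, `ehci.present` and `usb_xhci.present` are assumptions about the VMX settings that enable a controller, and the sample configuration is constructed.

```python
import re
import sys

# VMX settings that enable a virtual USB controller (assumed key names,
# not listed on this page).
USB_CONTROLLER_KEYS = ("usb.present", "ehci.present", "usb_xhci.present")

# key = "value" lines; lines starting with '#' are comments and never match.
_SETTING = re.compile(r'^\s*([^#=\s]+)\s*=\s*"?([^"]*)"?\s*$')

# Constructed sample .vmx content, not taken from a real VM.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "build-agent-01"
usb.present = "TRUE"
ehci.present = "FALSE"
USB_XHCI.present = "true"
# sound.present = "TRUE"
'''


def parse_vmx(text):
    """Return {lower-cased key: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        match = _SETTING.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings


def enabled_usb_controllers(text):
    """List the USB controller keys still set to TRUE in a .vmx file."""
    settings = parse_vmx(text)
    return [k for k in USB_CONTROLLER_KEYS if settings.get(k, "").lower() == "true"]


if __name__ == "__main__":
    # Usage: python audit_usb.py vm1.vmx vm2.vmx ... (no arguments: run on the sample)
    inputs = sys.argv[1:]
    texts = {p: open(p, encoding="utf-8", errors="replace").read() for p in inputs}
    if not texts:
        texts = {"<sample>": SAMPLE_VMX}
    for name, text in texts.items():
        found = enabled_usb_controllers(text)
        print(f"{name}: {'USB controllers present: ' + ', '.join(found) if found else 'no USB controllers'}")
```

An empty result for every VM that cannot yet be patched means the workaround is in place for those configuration files; a change to a `.vmx` file only takes effect once the VM is powered off and started again.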
More information is available here:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
https://kb.vmware.com/s/article/96682
https://www.securityweek.com/vmware-patches-critical-esxi-sandbox-escape-flaws/