CVE-2024-22251

Summary

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Workstation17.x < 17.5.1affected
n/aVMware Fusion13.x < 13.5.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References