CVE-2024-22255

Summary

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.  

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi8.0 < ESXi80U2sb-23305545affected
n/aVMware ESXi8.0 < ESXi80U1d-23299997affected
n/aVMware ESXi7.0 < ESXi70U3p-23307199affected
n/aVMware Workstation17.x < 17.5.1affected
n/aVMware Fusion13.x < 13.5.1affected
n/aVMware Cloud Foundation5.xaffected
n/aVMware Cloud Foundation4.xaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References