CVE-2024-22267
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NA | VMware Workstation | 17.x < 17.5.2 | affected |
| N/A | VMware Fusion | 13.x < 13.5.2 | affected |
Weaknesses
- Use-after-free vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.