CVE-2024-22273

Summary

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi8.0 < ESXi80U2sb-23305545affected
n/aVMware ESXi7.0 < ESXi70U3sq-23794019affected
n/aVMware Workstation17.x < 17.5.1affected
n/aVMware Fusion13.x < 13.5.1affected
n/aVMware Cloud Foundation (ESXi)5.x < 5.1.1affected
n/aVMware Cloud Foundation (ESXi)4.xaffected

Weaknesses

  • Out-of-bounds read/write vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References