CVE-2024-22273
8.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware ESXi | 8.0 < ESXi80U2sb-23305545 | affected |
| n/a | VMware ESXi | 7.0 < ESXi70U3sq-23794019 | affected |
| n/a | VMware Workstation | 17.x < 17.5.1 | affected |
| n/a | VMware Fusion | 13.x < 13.5.1 | affected |
| n/a | VMware Cloud Foundation (ESXi) | 5.x < 5.1.1 | affected |
| n/a | VMware Cloud Foundation (ESXi) | 4.x | affected |
Weaknesses
- Out-of-bounds read/write vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.