VMSA-2024-0005

Advisory ID: VMSA-2024-0005
Severity: Moderate
CVSSv3 Range: 5.9
Issue Date: 2024-02-27
Updated On: 2024-02-27 (Initial Advisory)
CVE(s): CVE-2024-22251

VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)

1. Impacted Products

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion

2. Introduction

An out-of-bounds read vulnerability in VMware Workstation and Fusion was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.

3. USB CCID Out-of-bounds read vulnerability (CVE-2024-22251)

Description

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

Resolution

To remediate CVE-2024-22251, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Jiaqing Huang (@s0duku) and Hao Zheng (@zhz) from the TianGong Team of Legendsec at Qi’anxin Group for reporting this issue to us.

Response Matrix

Product      Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
Workstation  17.x     Any         CVE-2024-22251  5.9     Moderate  17.5.1         None         None
Fusion       13.x     OS X        CVE-2024-22251  5.9     Moderate  13.5.1         None         None
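The Resolution section and the Response Matrix together define what "patched" means for this advisory: a 17.x Workstation or 13.x Fusion install is remediated only once it is at or above the listed Fixed Version. The following script is an added example, not VMware tooling or anything from the advisory itself; it encodes only the two matrix rows above and assumes the operator has already obtained the product's version string (for instance from the product's About dialog) and passes it in. Releases outside the two listed major lines are reported as "not_in_matrix" because the advisory says nothing about them.

```python
"""Assess a VMware Workstation / Fusion version string against the
Response Matrix of VMSA-2024-0005 (CVE-2024-22251).

Added example for this advisory page, not VMware's own code.
Assumption: the caller supplies the version string; this script does not
query the installed product itself.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

ADVISORY = "VMSA-2024-0005"
CVE = "CVE-2024-22251"

# The two rows of the advisory's Response Matrix, as published.
RESPONSE_MATRIX = {
    "Workstation": {"affected_line": "17.x", "fixed_version": "17.5.1"},
    "Fusion": {"affected_line": "13.x", "fixed_version": "13.5.1"},
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the first 'major.minor[.patch]' found in an arbitrary string.

    Tolerates surrounding text and build suffixes such as
    'VMware Workstation 17.5.0 build-NNNN' (constructed sample shape).
    A missing patch component is treated as 0.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


@dataclass
class Assessment:
    product: str
    version: Tuple[int, int, int]
    status: str            # "affected", "fixed" or "not_in_matrix"
    fixed_version: str     # Fixed Version column for that product
    advisory: str = ADVISORY
    cve: str = CVE


def assess(product: str, version_text: str) -> Assessment:
    """Compare a product/version pair with the advisory's Response Matrix."""
    row = RESPONSE_MATRIX.get(product)
    if row is None:
        raise ValueError(f"{product!r} is not listed in {ADVISORY}")

    version = parse_version(version_text)
    fixed = parse_version(row["fixed_version"])
    affected_major = int(row["affected_line"].split(".")[0])

    if version[0] != affected_major:
        # The matrix only covers one major line per product; say nothing
        # beyond that rather than guessing about other releases.
        status = "not_in_matrix"
    elif version < fixed:
        status = "affected"
    else:
        status = "fixed"
    return Assessment(product, version, status, row["fixed_version"])


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    samples = [
        ("Workstation", "VMware Workstation 17.5.0 build-00000000"),
        ("Workstation", "17.5.1"),
        ("Fusion", "13.0.2"),
        ("Workstation", "16.2.5"),
    ]
    for product, text in samples:
        a = assess(product, text)
        print(f"{product:12} {text:45} -> {a.status:13} (fixed in {a.fixed_version})")
```

Tuple comparison does the version ordering, so 17.5.0 sorts below 17.5.1 and 13.6.0 above 13.5.1 without any string tricks; adding a further advisory row is a one-line change to RESPONSE_MATRIX.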

4. References

5. Change Log

2024-02-27 VMSA-2024-0005 Initial security advisory.

6. Contact

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.