VMware has recently shed light on a slew of vulnerabilities hitting close to home for its mainline products: VMware ESXi, Workstation, Fusion, and Cloud Foundation. In this blog post, we’re diving deep into VMware Security Advisory VMSA-2024-0006, breaking down the vulnerabilities, understanding what they mean for you, and laying out exactly what you need to do to fix them.
Impacted Products
The advisory highlights vulnerabilities in several key VMware products:
- VMware ESXi
- VMware Workstation Pro / Player
- VMware Fusion Pro / Fusion
- VMware Cloud Foundation
These products are integral to many IT environments, underlining the importance of addressing the advisory with urgency.
Vulnerability Overview
The disclosed vulnerabilities were privately reported to VMware and comprise use-after-free issues in the XHCI and UHCI USB controllers, an out-of-bounds write vulnerability in VMware ESXi, and an information disclosure vulnerability in the UHCI USB controller. These vulnerabilities pose a significant risk, as they could allow a malicious actor with local administrative privileges on a virtual machine to execute code on the host system.
Critical Vulnerabilities:
- CVE-2024-22252 & CVE-2024-22253: Both vulnerabilities are classified under the critical severity category, with a CVSSv3 base score of 9.3 for Workstation and Fusion, and 8.4 for ESXi. These use-after-free vulnerabilities in the XHCI and UHCI USB controllers could allow for unauthorized code execution.
- CVE-2024-22254: This out-of-bounds write vulnerability in ESXi has been assessed as important, with a CVSSv3 base score of 7.9. It could enable sandbox escape and unauthorized code execution within the VMX process.
- CVE-2024-22255: Rated as important with a CVSSv3 base score of 7.1, this information disclosure vulnerability in the UHCI USB controller could lead to memory leakage from the VMX process.
Mitigation and Remediation
VMware has promptly released patches for the affected products, and administrators are strongly advised to apply these fixes without delay. The response matrix provided by VMware gives detailed guidance on the fixed versions and available workarounds. For environments where immediate patching is not feasible, VMware has also listed workarounds that mitigate the risk temporarily.
Response Matrix:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version [1] | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 8.0 | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | Critical | ESXi80U2sb-23305545 | KB96682 | FAQ |
| ESXi | 8.0 [2] | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | Critical | ESXi80U1d-23299997 | KB96682 | FAQ |
| ESXi | 7.0 | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | Critical | ESXi70U3p-23307199 | KB96682 | FAQ |
| Workstation | 17.x | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22255 | 9.3, 9.3, 7.1 | Critical | 17.5.1 | KB96682 | None |
| Fusion | 13.x | macOS | CVE-2024-22252, CVE-2024-22253, CVE-2024-22255 | 9.3, 9.3, 7.1 | Critical | 13.5.1 | KB96682 | None |
[1] While Broadcom does not mention end-of-life products in the Security Advisories, due to the critical severity of these vulnerabilities Broadcom has made a patch available to customers with extended support for ESXi 6.7 (6.7U3u), 6.5 (6.5U3v) and VCF 3.x.
[2] Because of the severity of these issues, Broadcom has made additional patches available for ESXi 8.0 U1. If you do not plan to update your environment to ESXi 8.0 Update 2b (build # 23305546), use 8.0 Update 1d to patch ESXi hosts running 8.0 Update 1c (build # 22088125) or earlier. The supported update path from 8.0 Update 1d is to ESXi 8.0 Update 2b or later. For more information, see the Product Interoperability Matrix.
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 5.x/4.x | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | Critical | KB88287 | KB96682 | FAQ |
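As an added example (not part of the original post, and not VMware's or Broadcom's tooling), the script below triages a host inventory against the fixed builds and versions in the response matrix and footnotes above. The `Host` record, the inventory rows and the helper names are my assumptions; the only advisory values used are the ESXi builds 23299997 (8.0 U1d), 23305545 (8.0 U2sb), 23305546 (8.0 U2b), 22088125 (8.0 U1c), 23307199 (7.0 U3p) and the Workstation 17.5.1 / Fusion 13.5.1 versions from the tables. In practice an administrator would feed it an export such as PowerCLI `Get-VMHost | Select Name, Version, Build` instead of the constructed rows.

```python
"""Triage a (constructed) host inventory against VMSA-2024-0006.

Fixed builds/versions come from the advisory's response matrix; the
inventory rows at the bottom are sample data, not a real environment.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Lowest ESXi build per release line that contains the fixes
# (matrix rows + footnote [2]):
#   8.0 -> ESXi80U1d-23299997 (interim path) / ESXi80U2sb-23305545
#   7.0 -> ESXi70U3p-23307199
ESXI_MIN_FIXED_BUILD: Dict[str, int] = {"8.0": 23299997, "7.0": 23307199}
ESXI_80_U2SB_BUILD = 23305545   # 8.0 Update 2 security-only bulletin
ESXI_80_U2B_BUILD = 23305546    # 8.0 Update 2b, the supported target after U1d

# Lowest fixed desktop-hypervisor versions from the matrix.
DESKTOP_MIN_FIXED: Dict[str, Tuple[int, ...]] = {
    "Workstation": (17, 5, 1),
    "Fusion": (13, 5, 1),
}


@dataclass
class Host:
    name: str
    product: str      # "ESXi", "Workstation" or "Fusion"
    version: str      # ESXi "8.0.2"/"7.0.3", desktop "17.5.0", ...
    build: int = 0    # ESXi build number; unused for desktop products


def parse_version(v: str) -> Tuple[int, ...]:
    """'17.5.1' -> (17, 5, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def assess(h: Host) -> str:
    """Classify one host as fixed / interim / vulnerable / extended-support-only."""
    if h.product == "ESXi":
        line = ".".join(h.version.split(".")[:2])        # "8.0.2" -> "8.0"
        min_build = ESXI_MIN_FIXED_BUILD.get(line)
        if min_build is None:
            # 6.7 / 6.5: patch only via extended support, see footnote [1]
            return "extended-support-only"
        if h.build < min_build:
            return "vulnerable"
        if line == "8.0" and h.build < ESXI_80_U2SB_BUILD:
            # On 8.0 U1d: patched, but the supported path is on to U2b or later
            return "interim"
        return "fixed"
    min_ver = DESKTOP_MIN_FIXED.get(h.product)
    if min_ver is None:
        return "extended-support-only"
    return "fixed" if parse_version(h.version) >= min_ver else "vulnerable"


def triage(hosts: List[Host]) -> Dict[str, str]:
    """Map host name -> assessment for a whole inventory."""
    return {h.name: assess(h) for h in hosts}


def needs_action(hosts: List[Host]) -> List[str]:
    """Names of hosts that still need a patch or a follow-up upgrade."""
    return [n for n, state in triage(hosts).items() if state != "fixed"]


# Constructed sample inventory (names and the two "older" builds are made up;
# the others are the advisory's own build numbers).
SAMPLE_INVENTORY: List[Host] = [
    Host("esx-01", "ESXi", "8.0.2", ESXI_80_U2B_BUILD),   # 8.0 U2b
    Host("esx-02", "ESXi", "8.0.1", 22088125),            # 8.0 U1c
    Host("esx-03", "ESXi", "8.0.1", 23299997),            # 8.0 U1d
    Host("esx-04", "ESXi", "7.0.3", 23307199),            # 7.0 U3p
    Host("esx-05", "ESXi", "7.0.3", 20000000),            # constructed older 7.0 build
    Host("esx-06", "ESXi", "6.7.0", 19000000),            # constructed; EOL line
    Host("ws-01", "Workstation", "17.5.0"),
    Host("ws-02", "Workstation", "17.5.1"),
    Host("mac-01", "Fusion", "13.0.1"),
]

if __name__ == "__main__":
    for name, state in triage(SAMPLE_INVENTORY).items():
        print(f"{name:8} {state}")
    print("needs action:", ", ".join(needs_action(SAMPLE_INVENTORY)))
```

The build comparison is a heuristic that assumes every build of a release line at or above the advisory's fixed build carries the fix, which holds for builds released after this advisory. For a definitive answer on a specific host, check the installed bulletins on the host itself rather than relying on the build number alone, and treat "interim" hosts as still needing the move to 8.0 Update 2b that footnote [2] describes.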