
VMSA-2024-005 VMware Workstation and Fusion Security Vulnerability

Brandon Lee
(@brandon-lee)

VMware has released updates for Workstation Pro/Player and Fusion to rectify an out-of-bounds read flaw, designated as CVE-2024-22251. This vulnerability affects both VMware Workstation and Fusion products.

Affected VMware Products:

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion

Vulnerability Overview: The identified vulnerability pertains to an out-of-bounds read issue within the USB CCID (chip card interface device) component of VMware Workstation and Fusion. This vulnerability has been assessed as having a Moderate severity level, with a maximum CVSSv3 base score of 5.9.

Potential Impact: Exploitation of this vulnerability could allow a malicious actor with local administrative rights on a virtual machine to initiate an out-of-bounds read. This could potentially lead to the disclosure of sensitive information.

Mitigation Steps: Users are advised to update their VMware Workstation and Fusion installations to the versions specified in the provided 'Response Matrix' to remediate this vulnerability. No workarounds have been identified for this issue.

Acknowledgment: VMware extends its gratitude to Jiaqing Huang (@s0duku) and Hao Zheng (@zhz) from the TianGong Team at Legendsec, part of the Qi'anxin Group, for reporting this vulnerability.

Response Matrix:

  • VMware Workstation 17.x (all platforms): Update to version 17.5.1.
  • VMware Fusion 13.x (OS X): Update to version 13.5.1.

Fixed Version Details and Resources: For VMware Workstation Pro 17.5.1 and Fusion 13.5.1, users can access the updates and accompanying documentation through the VMware Customer Connect portal and review the release notes for detailed information on the updates.

Fixed Version(s) and Release Notes:

Workstation Pro 17.5.1
Downloads and Documentation
https://customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/17_0
https://docs.vmware.com/en/VMware-Workstation-Pro/17.5.1/rn/vmware-workstation-1751-pro-release-notes/index.html

Fusion 13.5.1
Downloads and Documentation
https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_fusion/13_0
https://docs.vmware.com/en/VMware-Fusion/13.5.1/rn/vmware-fusion-1351-release-notes/index.html

MITRE CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22251

FIRST CVSSv3 Calculator:
CVE-2024-22251: 
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

 
Posted : 27/02/2024 4:54 pm