VMware VMSA-2024-00...
Clear all

VMware VMSA-2024-0006 ESXi Sandbox Escape Flaw - Patch now

1 Posts
1 Users
Brandon Lee
Posts: 542
Member Admin
Topic starter

VMware Addresses Critical Vulnerabilities Across Multiple Products

VMware, a leading provider in cloud infrastructure and digital workspace technology, has released patches to address multiple vulnerabilities across its product line, including VMware ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities were identified and privately reported to VMware, highlighting the company's commitment to securing its software against emerging threats.

Highlighted Vulnerabilities and Their Impact

The security advisory details several critical and important vulnerabilities:

  • Use-after-free vulnerabilities in both XHCI and UHCI USB controllers (CVE-2024-22252 and CVE-2024-22253) have been flagged as critical for Workstation and Fusion, and important for ESXi. These could allow a malicious actor with local administrative privileges to execute code on the host machine.

  • An out-of-bounds write vulnerability in ESXi (CVE-2024-22254), classified as important, which could lead to sandbox escape by an attacker with specific privileges.

  • An information disclosure vulnerability in the UHCI USB controller (CVE-2024-22255), also deemed important, that could allow memory leakage from the vmx process.

VMware has assessed the combined severity of these vulnerabilities as critical, urging customers to apply the provided patches to mitigate risks.

Resolutions and Recommendations

VMware recommends applying the patches listed in their Response Matrix immediately. For ESXi, Workstation, and Fusion, specific fixed versions have been released, addressing the vulnerabilities. Where applicable, workarounds have also been provided, along with additional documentation and FAQs for further clarification.

Special Note on End-of-Life Products

In an uncommon move acknowledging the critical severity of these vulnerabilities, VMware, through Broadcom, has extended support to include patches for end-of-life products. Customers with extended support contracts for ESXi 6.7 (6.7U3u), ESXi 6.5 (6.5U3v), and VMware Cloud Foundation (VCF) 3.x can access patches tailored to these versions. This decision underscores VMware's dedication to customer security and the exceptional nature of the vulnerabilities addressed.


VMware has expressed its gratitude towards the researchers from Team Ant Lab and TianGong Team of Legendsec at Qi'anxin Group, among others, for their responsible disclosure of these vulnerabilities. Their collaboration with VMware through the Tianfu Cup Pwn Contest has been instrumental in identifying and addressing these security issues.


As VMware addresses these vulnerabilities, customers are urged to review their environments and apply the necessary updates or patches to safeguard their systems. The proactive disclosure and patching of these issues reflect VMware's ongoing commitment to product security and customer protection.


Posted : 05/03/2024 3:18 pm