VMware sandbox escape bugs are so critical, patches are released for end-of-life products


VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products.

A constellation of four vulnerabilities—two carrying severity ratings of 9.3 out of a possible 10—are critical because they undermine the fundamental purpose of the VMware products, which is to run sensitive operations inside a virtual machine that's segmented from the host machine. VMware officials said that the prospect of a hypervisor escape warranted an immediate response under the company's IT Infrastructure Library, a process often abbreviated as ITIL.

“Emergency change”

“In ITIL terms, this situation qualifies as an emergency change, necessitating prompt action from your organization,” the officials wrote in a post. “However, the appropriate security response varies depending on specific circumstances.”

Among the specific circumstances, one concerns which vulnerable product a customer is using, and another is whether and how it may be positioned behind a firewall. A VMware advisory included the following matrix showing how the vulnerabilities—tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255—affect each of the vulnerable products:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version [1] | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 8.0 | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | critical | ESXi80U2sb-23305545 | KB96682 | FAQ |
| ESXi | 8.0 [2] | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | critical | ESXi80U1d-23299997 | KB96682 | FAQ |
| ESXi | 7.0 | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | 8.4, 8.4, 7.9, 7.1 | critical | ESXi70U3p-23307199 | KB96682 | FAQ |
| Workstation | 17.x | Any | CVE-2024-22252, CVE-2024-22253, CVE-2024-22255 | 9.3, 9.3, 7.1 | critical | 17.5.1 | KB96682 | None |
| Fusion | 13.x | MacOS | CVE-2024-22252, CVE-2024-22253, CVE-2024-22255 | 9.3, 9.3, 7.1 | critical | 13.5.1 | KB96682 | None |

Three of the vulnerabilities affect the USB controller the products use to support peripheral devices such as keyboards and mice. The advisory describes the vulnerabilities as:

CVE-2024-22252: a use-after-free vulnerability in the XHCI USB controller with a maximum severity range of 9.3 for Workstation/Fusion and a base score of 8.4 for ESXi. Someone with local administrative privileges on a virtual machine can execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas, on Workstation and Fusion, this could lead to code execution on the machine where Workstation or Fusion is installed.

CVE-2024-22253: a use-after-free vulnerability in the UHCI USB controller with a maximum severity score of 9.3 for Workstation/Fusion and a base score of 8.4 for ESXi. Exploitation requirements and outcomes are the same as for CVE-2024-22252.

CVE-2024-22254: an out-of-bounds write vulnerability with a maximum severity base score of 7.9. This vulnerability makes it possible for someone with privileges within the VMX process to trigger an out-of-bounds write leading to a sandbox escape.

CVE-2024-22255: an information disclosure vulnerability in the UHCI USB controller with a maximum CVSSv3 base score of 7.1. Someone with administrative access to a virtual machine can exploit it to leak memory from the vmx process.

Broadcom, the VMware parent company, is urging customers to patch vulnerable products. As a workaround, users can remove USB controllers from vulnerable virtual machines, but Broadcom stressed that this measure could degrade virtual console functionality and should be viewed as only a temporary solution. In an article explaining how to remove a USB controller, officials wrote:

The workaround is to remove all USB controllers from the Virtual Machine. As a result, USB passthrough functionality will be unavailable.

In addition, virtual/emulated USB devices, such as the VMware virtual USB stick or dongle, will not be available for use by the virtual machine. In contrast, the default keyboard/mouse input devices are not affected, as they are, by default, not connected through the USB protocol but have a driver that does software device emulation in the guest OS.

IMPORTANT:
Certain guest operating systems, including Mac OS, do not support using a PS/2 mouse and keyboard. These guest operating systems will be left without a mouse and keyboard if the USB controller is removed.
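As an added example (not VMware's or Broadcom's own code), the PowerCLI script below inventories which VMs still carry an emulated USB controller, the device the three USB-controller bugs live in, and can optionally apply the workaround quoted above by removing those controllers from powered-off VMs. It assumes the VMware.PowerCLI module is installed and a session has already been opened with Connect-VIServer.

```powershell
# Added example, not from the VMware advisory or KB96682.
# Assumes: VMware.PowerCLI installed and Connect-VIServer already run.
# Without -Remove the script only reports; with -Remove it reconfigures
# powered-off VMs only, so running guests are never changed unexpectedly.
param(
    [switch]$Remove
)

# The affected devices are the emulated USB host controllers exposed to the
# guest: VirtualUSBController covers UHCI/EHCI, VirtualUSBXHCIController xHCI.
$usbTypes = @('VirtualUSBController', 'VirtualUSBXHCIController')

$report = foreach ($vm in Get-VM) {
    $controllers = $vm.ExtensionData.Config.Hardware.Device |
        Where-Object { $usbTypes -contains $_.GetType().Name }
    if (-not $controllers) { continue }

    # One report row per controller so the exposure is visible per VM.
    foreach ($dev in $controllers) {
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            Controller = $dev.GetType().Name
            Label      = $dev.DeviceInfo.Label
            Key        = $dev.Key
        }
    }

    if ($Remove -and $vm.PowerState -eq 'PoweredOff') {
        # Build a reconfigure spec with one 'remove' change per controller.
        $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
        $spec.DeviceChange = foreach ($dev in $controllers) {
            $change = New-Object VMware.Vim.VirtualDeviceConfigSpec
            $change.Operation = 'remove'
            $change.Device    = $dev
            $change
        }
        $vm.ExtensionData.ReconfigVM($spec)
    }
}

# VMs listed here remain exposed until patched to the fixed versions in the
# advisory matrix or until their USB controllers are removed.
$report | Sort-Object VM | Format-Table -AutoSize
```

Guests that depend on USB input (the Mac OS case noted in the quoted IMPORTANT notice) show up in the report with their controller type, so they can be excluded from a -Remove run and scheduled for patching instead.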

VMware said it isn't aware of any evidence that any of the vulnerabilities are under active exploitation.
