Jetzt Ausprobieren
Vulnerability

VMware Fixed Multiple Sandbox Escape Vulnerabilities in ESXi, Workstation, and Fusion

3 min. read
07/03/2024
By Laura Libeer
Vmware vulnerability

⚡ TL;DR | Go Straight to the VMware VMSA-2024-0006 ESXi Vulnerability Audit Report

OR| Go Straight to the VMware VMSA-2024-0006 Workstation and Fustion Vulnerability Audit Report

VMware has released security updates for ESXi, Workstation, and Fusion to address a series of sandbox escape vulnerabilities. The update addresses 4 vulnerabilities, all with a critical CVSS score. If successfully exploited the issues could lead to remote code execution. We have added 2 new reports to your Lansweeper installation to help you find potentially vulnerable installs of ESXi, Workstation, and Fusion.

VMware Vulnerabilities CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255

The new security update from VMware addresses 4 vulnerabilities all having CVSSv3 scores between 7.1 and 9.3.

  • CVE-2024-22252 and CVE-2024-22253 are both use-after-free vulnerabilities in the XHCI USB controller in VMware ESXi, Workstation, and Fusion. An attacker with local administrative privileges on a virtual machine could use this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, it is contained within the VMX sandbox, whereas on Workstation and Fusion, the code execution would be on the machine where Workstation or Fusion is installed.
  • CVE-2024-22254 is an out-of-bounds write vulnerability in ESXi. In combination with the vulnerabilities described above, it is considered critical as it could trigger an out-of-bounds write leading to an escape of the sandbox.
  • CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller on ESXi, Workstation, and Fusion. If exploited it could lead to a memory leak from the vmx process.

Update Vulnerable ESXi, Workstation, and Fusion Installations

The flaws have now been fixed in ESXi 8.0 (update 2b and update 1d) and 7.0 (update 3p), Workstation version 17.5.1, and Fusion 13.5.1 (for MacOS). You are advised to update all installations to the new versions as soon as possible. You can find the full overview on VMware’s advisory page.

ProductAffected VersionFixed version
ESXi8.0ESXi80U2sb-23305545
ESXi8.0 [2]ESXi80U1d-23299997
ESXi7.0ESXi70U3p-23307199
Workstation17.x17.5.1
Fusion13.x13.5.1

Due to the severity of these issues, patches have also been released for customers with extended support installs of ESXi 6.7, 6.5, and VCF 3.x.

For those who are unable to update their installations immediately, VMware also offers workarounds for CVE-2024-22252, CVE-2024-22253, and CVE-2024-22255, though not for CVE-2024-22254. You can find the details on VMware’s workaround page.

Discover Vulnerable Workstation and Fusion Installs

Our team has put together 2 reports to help you find any vulnerable ESXi, Workstation, and Fusion installations on Windows and Mac. This way you have an actionable list of installs that still need to be updated and you can take action accordingly. You can get to the report via the link below.

VMware ESXi Vulnerability Audit Report
VMware Workstation and Fusion Vulnerability Audit Report