Property Abroad
Blog
VMware urgent updates fix critical ESXi sandbox bugs.

VMware urgent updates fix critical ESXi sandbox bugs.

VMware urgent updates fix critical ESXi sandbox bugs.

VMware has released urgent patches to address critical vulnerabilities in ESXi, Workstation, Fusion and Cloud Foundation virtualization environments.

Virtualization giant VMware has released urgent updates to fix critical "sandbox escape" vulnerabilities in its ESXi, Workstation, Fusion and Cloud Foundation products.

The most serious vulnerabilities can be exploited by an attacker with local administrative privileges on a virtual machine to execute code in that virtual machine's VMX process running on the host.

The most serious vulnerabilities are the Use-after-free vulnerability in the USB XHCI controller (CVE-2024-22252) and the Use-after-free vulnerability in the USB UHCI controller (CVE-2024-22253), both of which received a CVSS score of 9.3.

Below are descriptions of the two vulnerabilities:

CVE-2024-22252:"VMware ESXi, Workstation and Fusion contain a 'use-after-release' vulnerability in the USB XHCI controller," the advisory reads. "An attacker with local administrative privileges on a virtual machine could exploit this issue to execute code in the VMX process of the virtual machine running on the host. In ESXi, exploitation is limited to the VMX sandbox area, and in Workstation and Fusion, this could lead to code execution on the machine where Workstation or Fusion is installed."

CVE-2024-22253:"VMware ESXi, Workstation and Fusion contain a 'use-after-release' vulnerability in the USB UHCI controller," the advisory reads.

"An attacker with local administrative privileges on a virtual machine could exploit this issue to execute code in the VMX process of the virtual machine running on the host. In ESXi, exploitation is limited to the VMX sandbox area, and in Workstation and Fusion, this could lead to code execution on the machine where Workstation or Fusion is installed."

The company has also addressed the following two vulnerabilities:

  • Boundary recording vulnerability in ESXi (CVE-2024-22254) (CVSS score 7.9)
  • Vulnerability of information disclosure in the USB UHCI controller (CVE-2024-22255) (CVSS score 7.1)

Tags

Both

We will find property for you

  • 🔸 Reliable new buildings and ready-made apartments
  • 🔸 Without commissions and intermediaries
  • 🔸 Online display and remote transaction

Popular Posts

Ronaldo’s €25m Cascais Villa Highlights a Shift in Property Portugal Luxury

today

GSD Denizcilik: High Yield from Turkey Property Comes with High Currency Risk

today

Gecina Turns Paris Real Estate into a Scalable 'Product' — Why Investors Are Watching

today

Why Wealthy Americans Are Driving a 22% Surge in Paris Luxury Sales — What This Means for Buyers

today

Dubai Bans Room-by-Room Rentals Without Permit — What UAE Property Owners Must Know

today

Subscribe to the newsletter from Hatamatata.com!

I agree to the processing of personal data and confidentiality rules of Hatamatata

Need advice on your situation?

Get a  free  consultation on purchasing real estate overseas. We’ll discuss your goals, suggest the best strategies and countries, and explain how to complete the purchase step by step. You’ll get clear answers to all your questions about buying, investing, and relocating abroad.

Vector Bg
Irina

Irina Nikolaeva

Sales Director, HataMatata