Severity
Medium
Analysis Summary
CVE-2022-26373
VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a return-stack-buffer-underflow in the Intel and AMD processors that it utilizes. An attacker could exploit this vulnerability to exploit various side-channel CPU flaws, obtain sensitive information from physical memory about the hypervisor or other virtual machines that reside on the same ESXi host, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-26373
Affected Vendors
VMware
Affected Products
- VMware ESXi 6.5
- VMware ESXi 6.7
- VMware ESXi 7.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.