Rewterz

Multiple VMware Workstation and Fusion Zero-Day Vulnerabilities Exploited in the Wild

Severity

High

Analysis Summary

CVE-2024-22267 CVSS:9.3

VMware Workstation and Fusion could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability in the vbluetooth device. By persuading a victim to open a specially crafted virtual machine with 3D graphics, an attacker could exploit this vulnerability to overflow a buffer and create a denial of service condition.

CVE-2024-22268 CVSS:9.3

VMware Workstation and Fusion are vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the Shader functionality. By persuading a victim to open a specially crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-22269 CVSS:7.1

VMware Workstation and Fusion could allow a local attacker to obtain sensitive information, caused by an error in the vbluetooth device. By sending a specially crafted request, a local attacker could exploit this vulnerability to read privileged information contained in hypervisor memory from a virtual machine.

Impact

  • Code Execution
  • Buffer Overflow
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-22267
  • CVE-2024-22268
  • CVE-2024-22269

Affected Vendors

VMware

Affected Products

  • VMware Workstation 17.5.1
  • VMware Fusion 13.5.1

Remediation

Upgrade to the latest version of VMware Workstation and Fusion, available from the VMware Website.
