Critical Flaw Patched in VMware Workstation and Fusion


VMware has addressed multiple security vulnerabilities in its Workstation and Fusion products. The vulnerabilities, identified as CVE-2023-20869, CVE-2023-20870, CVE-2023-20871 and CVE-2023-20872, have been privately reported to VMware and have a CVSS v3.x scores between 7.3 and 9.3.

One of the flaws, CVE-2023-20869, is a stack-based buffer overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine (VM). 

“A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host,” the company wrote in a security advisory published on Tuesday.

VMware has evaluated this bug as being of Critical severity with a maximum CVSS v3.x base score of 9.3.

Another vulnerability, CVE-2023-20870, is an out-of-bounds read flaw in the same Bluetooth functionality. VMware has evaluated this vulnerability as Important, with a maximum CVSS v3.x base score of 7.1.

Read more on out-of-bounds flaws: TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices

CVE-2023-20871, on the other hand, is a local privilege escalation vulnerability in VMware Fusion. VMware has evaluated this vulnerability as Important, with a maximum CVSS v3.x base score of 7.3.

Finally, CVE-2023-20872 is an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation in VMware Workstation and Fusion. VMware has evaluated this bug as being of Important severity with a maximum CVSS v3.x base score of 7.7.

VMware has released updates and workarounds to remediate these vulnerabilities in the affected products. 

“Multiple security vulnerabilities in VMware Workstation and Fusion were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in the affected VMware products.”

VMware thanked STAR Labs, working with the Pwn2Own 2023 Security Contest, for reporting this issue. The patches come a couple of months after the ESXiArgs ransomware attack that infected servers of VMware ESXi hypervisors in February.



Source link