CVE-2023-20872: VMSA-2023-0008

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

Advisory ID: VMSA-2023-0008

CVSSv3 Range: 7.3-9.3

Issue Date: 2023-04-25

Updated On: 2023-04-25 (Initial Advisory)

CVE(s): CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872

Synopsis: VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)

**1. Impacted Products**

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion

**2. Introduction**

Multiple security vulnerabilities in VMware Workstation and Fusion were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in the affected VMware products.

**3a. Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality (CVE-2023-20869)**

VMware Workstation and Fusion contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

To remediate CVE-2023-20869, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds for CVE-2023-20869 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

VMware would like to thank STAR Labs, working with the Pwn2Own 2023 Security Contest, for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-20869 | 9.3 | critical | 17.0.2 | KB91760 | None |
| Fusion | 13.x | OS X | CVE-2023-20869 | 9.3 | critical | 13.0.2 | KB91760 | None |

**3b. Information disclosure vulnerability in Bluetooth device-sharing functionality (CVE-2023-20870)**

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

To remediate CVE-2023-20870, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds for CVE-2023-20870 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

VMware would like to thank STAR Labs, working with the Pwn2Own 2023 Security Contest, for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-20870 | 7.1 | important | 17.0.2 | KB91760 | None |
| Fusion | 13.x | OS X | CVE-2023-20870 | 7.1 | important | 13.0.2 | KB91760 | None |

**3c. VMware Fusion Raw Disk local privilege escalation vulnerability (CVE-2023-20871)**

VMware Fusion contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

To remediate CVE-2023-20871, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank Beist, Chpie, Silenos, and Jz of LINE Security for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-20871 | 7.3 | important | 13.0.2 | None | None |

**3d. Out-of-bounds read/write vulnerability (CVE-2023-20872)**

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.

A malicious attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

To remediate CVE-2023-20872, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds for CVE-2023-20872 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Successful exploitation of this issue requires a physical CD/DVD drive attached to the virtual machine configured to use a virtual SCSI controller.

VMware would like to thank Wenxu Yin of 360 Vulnerability Research Institute for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-20872 | 7.7 | important | 17.0.1 | KB91949 | None |
| Fusion | 13.x | OS X | CVE-2023-20872 | 7.7 | important | 13.0.1 | KB91949 | None |
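
The precondition stated for CVE-2023-20872 (a physical CD/DVD drive attached through a virtual SCSI controller) can be checked per virtual machine before patching is complete. The following is an added example, not VMware's code and not part of the advisory: it assumes the `.vmx` key names `present` and `deviceType` and the value `cdrom-raw` for a host drive passed through to the guest, and the sample configuration is constructed.

```python
import re

# Assumption: device settings appear as  <bus><n>:<unit>.<key> = "<value>"
# e.g.  scsi0:1.deviceType = "cdrom-raw"
_DEVICE_LINE = re.compile(
    r'^\s*((?:scsi|ide|sata)\d+:\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

# Assumption: "cdrom-raw" marks a physical host drive; "cdrom-image" is an ISO.
PHYSICAL_TYPES = {"cdrom-raw"}

# Constructed sample configuration (not taken from a real VM).
SAMPLE_VMX = '''
.encoding = "UTF-8"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "disk.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
scsi0:2.present = "TRUE"
scsi0:2.deviceType = "cdrom-image"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-raw"
scsi1:0.present = "FALSE"
scsi1:0.deviceType = "cdrom-raw"
'''

def scsi_physical_cdroms(vmx_text):
    """Return the sorted device slots that match the advisory's precondition:
    present, on a virtual SCSI controller, backed by a physical drive."""
    devices = {}
    for line in vmx_text.splitlines():
        m = _DEVICE_LINE.match(line)
        if m:
            slot, key, value = m.groups()
            devices.setdefault(slot.lower(), {})[key.lower()] = value.strip().lower()
    exposed = []
    for slot, props in devices.items():
        if not slot.startswith("scsi"):
            continue                      # IDE/SATA drives are outside the stated precondition
        if props.get("present") != "true":
            continue                      # slot defined but disabled
        if props.get("devicetype") in PHYSICAL_TYPES:
            exposed.append(slot)
    return sorted(exposed)

if __name__ == "__main__":
    for slot in scsi_physical_cdroms(SAMPLE_VMX):
        print(f"{slot}: physical CD/DVD on virtual SCSI controller (see KB91949)")
```

A non-empty result identifies the devices to remove or move off the SCSI controller until the VM's host runs the fixed version listed above.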

**4. References**

**5. Change Log**

**2023-04-25 VMSA-2023-0008**
Initial security advisory.

**6. Contact**
