CVE-2022-31705: VMSA-2022-0033

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Advisory ID: VMSA-2022-0033

CVSSv3 Range: 5.9-9.3

Issue Date: 2022-12-13

Updated On: 2022-12-13 (Initial Advisory)

CVE(s): CVE-2022-31705

Synopsis: VMware ESXi, Workstation, and Fusion updates address a heap out-of-bounds write vulnerability (CVE-2022-31705)

**1. Impacted Products**

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation

**2. Introduction**

A heap out-of-bounds write vulnerability in VMware ESXi, Workstation, and Fusion was privately reported to VMware. Updates and workarounds are available to remediate this vulnerability in affected VMware products.

**3. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705)**

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

To remediate CVE-2022-31705, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds for CVE-2022-31705 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

VMware would like to thank the organizers of GeekPwn 2022 and Yuhao Jiang for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 8.0 | Any | CVE-2022-31705 | 5.9 | moderate | ESXi80a-20842819 | KB87617 | None |
| ESXi | 7.0 | Any | CVE-2022-31705 | 5.9 | moderate | ESXi70U3si-20841705 | KB87617 | None |
| Fusion | 13.x | OS X | CVE-2022-31705 | N/A | N/A | Unaffected | N/A | N/A |
| Fusion | 12.x | OS X | CVE-2022-31705 | 9.3 | critical | 12.2.5 | KB79712 | None |
| Workstation | 17.x | Any | CVE-2022-31705 | N/A | N/A | Unaffected | N/A | N/A |
| Workstation | 16.x | Any | CVE-2022-31705 | 9.3 | critical | 16.2.5 | KB79712 | None |

Impacted Product Suites that Deploy Response Matrix Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 4.x/3.x | Any | CVE-2022-31705 | 5.9 | moderate | KB90336 | KB87617 | None |

**5. Change Log**

2022-12-13 VMSA-2022-0033
Initial security advisory.