VMware Workstation and Fusion: Breakout from guest system possible
There are security gaps in VMware Workstation and Fusion that were abused in the Pwn2Own competition. They make it possible to break out of the guest system.
In VMware Workstation and Fusion, the developers have closed some critical security gaps. They were abused during the Pwn2Own 2024 hacking competition in Vancouver and enable, among other things, a breakout from the guest systems.
In the security announcement, the VMware programmers write that a use-after-free vulnerability in the vbluetooth device allows attackers to break out of the guest system and execute code in the context of VMware's VMX process on the host system. In a use-after-free, resources are reused after the program code has released them, so undefined memory contents are used. To do this, attackers require admin rights in the guest system (CVE-2024-22267, CVSS 9.3, risk "critical").
VMware Workstation and Fusion: Also high-risk vulnerabilities
The developers have also patched three high-risk vulnerabilities. In the shader function of 3D graphics virtualization, malicious actors without elevated privileges on the system can abuse a heap-based buffer overflow to provoke a denial of service (CVE-2024-22268, CVSS 7.1, high). The vbluetooth device also allows access to information in privileged hypervisor memory, which lets attackers obtain sensitive information (CVE-2024-22269, CVSS 7.1, high).
A vulnerability in host-guest file sharing (HGFS) also allows access to privileged information in the hypervisor memory. Attackers require admin rights in the guest system (CVE-2024-22270, CVSS 7.1, high).
The now available versions VMware Workstation Pro 17.5.2 and VMware Fusion 13.5.2 close the vulnerabilities. The downloads are linked in the security notice and can be accessed after logging into the Broadcom account. Since one gap is even considered critical and the misuse of the gaps to compromise systems was demonstrated at the Pwn2Own conference, IT managers should download and apply the updates immediately.
Last week, the developers had to close a privilege escalation vulnerability in the VMware Avi Load Balancer. The programmers rated the risk of the vulnerability as high.
(dmk)