SB2023042557 - Multiple vulnerabilities in VMware Workstation and Fusion
Published: April 25, 2023 Updated: July 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2023-20869)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the UHCI component in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with administrative account on the guest OS can trigger a stack-based buffer overflow and execute arbitrary code as the virtual machine's VMX process running on the host.
2) Out-of-bounds read (CVE-ID: CVE-2023-20870)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the UHCI component in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with administrative access to the guest OS can trigger an out-of-bounds read error and read contents of memory on the host OS.
3) Improper access control (CVE-ID: CVE-2023-20871)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in raw disk functionality. A local user with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
4) Out-of-bounds write (CVE-ID: CVE-2023-20872)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in SCSI CD/DVD device emulation. An attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller can trigger an out-of-bounds write and execute arbitrary code on the hypervisor from a virtual machine.
Remediation
Install update from vendor's website.