#VU89630 Use-after-free in VMware Workstation and VMware Fusion - CVE-2024-22267

Cybersecurity Help s.r.o.

Published: 2024-05-17 | Updated: 2024-06-06

Vulnerability identifier: #VU89630

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-22267

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description
The vulnerability allows a guest user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the VBluetoothHCI_PacketOut method in the vbluetooth device. An attacker with administrative access to the guest OS can trigger a use-after-free error and execute arbitrary code with VMX process running on the host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 17.0 - 17.5.1

VMware Fusion: 13.0 - 13.5.1

External links
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
https://www.zerodayinitiative.com/advisories/ZDI-24-527/
https://www.zerodayinitiative.com/advisories/ZDI-24-526/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in VMware Workstation and Fusion