Recent disclosures have identified multiple security vulnerabilities in VMware's Workstation and Fusion products. These flaws could be leveraged by attackers to access sensitive information, trigger denial-of-service (DoS) conditions, and execute arbitrary code under specific conditions. The affected versions include Workstation 17.x and Fusion 13.x, with patches available in versions 17.5.2 and 13.5.2, respectively. This article delves into each vulnerability, provides suggested workarounds, and highlights the importance of updating to the latest versions to ensure security.
Overview of Disclosed Vulnerabilities
CVE-2024-22267: Use-After-Free Vulnerability in Bluetooth Device
Severity: CVSS Score 9.3
This critical vulnerability arises from a use-after-free flaw in the Bluetooth device functionality. An attacker with local administrative privileges on a virtual machine can exploit this vulnerability to execute code as the VMX process running on the host. The potential impact includes unauthorized code execution, compromising the host system's integrity.
CVE-2024-22268: Heap Buffer-Overflow in Shader Functionality
Severity: CVSS Score 7.1
A heap buffer-overflow vulnerability exists in the Shader functionality. This flaw can be exploited by an attacker with non-administrative access to a virtual machine with 3D graphics enabled, leading to a DoS condition. The exploitation of this vulnerability could disrupt normal operations and render the virtual machine unusable.
CVE-2024-22269: Information Disclosure in Bluetooth Device
Severity: CVSS Score 7.1
This information disclosure vulnerability affects the Bluetooth device functionality. An attacker with local administrative privileges on a virtual machine can exploit this flaw to read sensitive information from the hypervisor memory. The potential leakage of privileged information poses a significant security risk.
CVE-2024-22270: Information Disclosure in Host Guest File Sharing (HGFS)
Severity: CVSS Score 7.1
The HGFS functionality contains an information disclosure vulnerability. This flaw can be exploited by an attacker with local administrative privileges on a virtual machine to read privileged information from the hypervisor memory. Unlike the other three vulnerabilities, there is no temporary mitigation for CVE-2024-22270, making it crucial to apply the latest updates.
Temporary Workarounds
While waiting for the patches to be deployed, users can implement the following temporary workarounds to mitigate some of the risks associated with these vulnerabilities:
- CVE-2024-22267 and CVE-2024-22269: Disable Bluetooth support on the virtual machine to prevent exploitation.
- CVE-2024-22268: Turn off the 3D acceleration feature to avoid potential DoS conditions.
It is important to note that there are no workarounds for CVE-2024-22270 apart from updating to the latest software versions.
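To verify that the two workarounds above are actually in place on a set of virtual machines, here is an added Python example (not from the article, VMware, or the advisory): it parses a .vmx file, reports whether Bluetooth sharing and 3D acceleration are still enabled, and produces a hardened copy. The key names usb.vbluetooth.startConnected and mks.enable3d are VMware .vmx configuration keys assumed from VMware's documentation rather than taken from the article, and the sample .vmx content is constructed.

```python
"""Audit VMware .vmx files for the settings behind the temporary workarounds."""
import re

# Assumed .vmx keys (VMware config names, not from the article), mapped to the
# CVEs the article's workarounds cover. Values in .vmx files are "TRUE"/"FALSE".
WORKAROUNDS = {
    "usb.vbluetooth.startConnected": "CVE-2024-22267, CVE-2024-22269",
    "mks.enable3d": "CVE-2024-22268",
}
_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are compared case-insensitively."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:  # comments and blank lines do not match the pattern
            cfg[m.group(1).lower()] = m.group(2).strip()
    return cfg

def audit_vmx(text):
    """Map each workaround key to 'enabled', 'disabled' or 'unset'."""
    cfg = parse_vmx(text)
    status = {}
    for key in WORKAROUNDS:
        val = cfg.get(key.lower())
        status[key] = ("unset" if val is None
                       else "enabled" if val.upper() == "TRUE" else "disabled")
    return status

def harden_vmx(text):
    """Return the .vmx text with both features set to FALSE (added if absent)."""
    wanted = {k.lower(): k for k in WORKAROUNDS}
    out, seen = [], set()
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1).lower() in wanted:
            out.append(f'{m.group(1)} = "FALSE"')  # keep the file's own spelling
            seen.add(m.group(1).lower())
        else:
            out.append(line)
    for low, key in wanted.items():
        if low not in seen:
            out.append(f'{key} = "FALSE"')
    return "\n".join(out) + "\n"

# Constructed sample (not a real VM) with both risky features enabled.
SAMPLE_VMX = ('.encoding = "UTF-8"\ndisplayName = "lab-guest"\n'
              'usb.vbluetooth.startConnected = "TRUE"\nmks.enable3d = "TRUE"\n')

if __name__ == "__main__":
    for key, state in audit_vmx(SAMPLE_VMX).items():
        print(f"{key}: {state}  ({WORKAROUNDS[key]})")
```

The audit reports only what the file states explicitly; an unset key is flagged as "unset" so that the default behaviour of the installed Workstation or Fusion version can be checked separately.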
Historical Context and Importance of Updates
The vulnerabilities CVE-2024-22267, CVE-2024-22269, and CVE-2024-22270 were originally demonstrated by STAR Labs SG and Theori at the Pwn2Own hacking contest in Vancouver in March. This underscores the importance of addressing these flaws promptly to protect systems from real-world exploits.
In a previous advisory, VMware had released patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical vulnerabilities (CVE-2024-22252 and CVE-2024-22253) with CVSS scores of 9.3 and 8.4, respectively. These flaws also posed risks of code execution, highlighting a recurring need for vigilance and timely updates in virtualization software.
Conclusion
The disclosed vulnerabilities in VMware Workstation and Fusion products present serious security risks that require immediate attention. Users are strongly advised to update to versions 17.5.2 and 13.5.2 to mitigate these threats. Implementing temporary workarounds can provide partial protection, but the definitive solution lies in applying the recommended patches. Keeping software up to date and staying informed about security advisories are crucial steps in maintaining a secure virtual environment.