Vulnerability Description
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Cloud Foundation | >= 4.0, <= 5.0 |
| Vmware | Workstation | >= 17.0.0, < 17.5.1 |
| Vmware | Esxi | 7.0 |
| Vmware | Fusion | >= 13.0.0, < 13.5.1 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2024-0006.htmlVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2024-0006.htmlVendor Advisory
FAQ
What is CVE-2024-22255?
CVE-2024-22255 is a vulnerability with a CVSS score of 7.1 (HIGH). VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploi...
How severe is CVE-2024-22255?
CVE-2024-22255 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22255?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Cloud Foundation, Vmware Workstation, Vmware Esxi, Vmware Fusion, Apple Macos.