Vulnerability Description
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Cloud Foundation | >= 4.0, < 5.1.1 |
| Vmware | Workstation | >= 17.0.0, < 17.5.1 |
| Vmware | Esxi | 7.0 |
| Vmware | Fusion | >= 13.0.0, < 13.5.1 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory
FAQ
What is CVE-2024-22273?
CVE-2024-22273 is a vulnerability with a CVSS score of 8.1 (HIGH). The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exp...
How severe is CVE-2024-22273?
CVE-2024-22273 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22273?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Cloud Foundation, Vmware Workstation, Vmware Esxi, Vmware Fusion, Apple Macos.