Lucene search

K
cvelistVmwareCVELIST:CVE-2024-22255
HistoryMar 05, 2024 - 5:58 p.m.

CVE-2024-22255 Information disclosure vulnerability

2024-03-0517:58:35
vmware
www.cve.org
cve-2024-22255
information disclosure
vmware
esxi
workstation
fusion
uhci usb controller
memory leak
administrative access
virtual machine

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware ESXi",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "ESXi80U2sb-23305545",
        "status": "affected",
        "version": "8.0 ",
        "versionType": "custom"
      },
      {
        "lessThan": "ESXi80U1d-23299997",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "ESXi70U3p-23307199",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Workstation",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "17.5.1",
        "status": "affected",
        "version": "17.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Fusion",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "13.5.1",
        "status": "affected",
        "version": "13.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.x"
      },
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%