Lucene search

VMwareVMSA-2024-0005

HistoryFeb 27, 2024 - 12:00 a.m.

VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)

2024-02-2700:00:00

www.vmware.com

vmware

workstation

fusion

updates

usb

ccid

vulnerability

out-of-bounds read

severity

cvssv3

base score

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

3. USB CCID Out-of-bounds read vulnerability (CVE-2024-22251)

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

CPENameOperatorVersion
workstationlt17.5.1
fusionlt13.5.1

CPE	Name	Operator	Version
	workstation	lt	17.5.1
	fusion	lt	13.5.1

References

customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/17_0

customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_fusion/13_0

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22251

docs.vmware.com/en/VMware-Fusion/13.5.1/rn/vmware-fusion-1351-release-notes/index.html

docs.vmware.com/en/VMware-Workstation-Pro/17.5.1/rn/vmware-workstation-1751-pro-release-notes/index.html

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N