Description
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- VMware / ESXi8.0 – ESXi80U2d-24585300
- VMware / ESXi7.0 – ESXi70U3s-24585291
- VMware / ESXi8.0 – ESXi80U3d-24585383
- VMware / Telco Cloud Infrastructure3.x, 2.x – 3.x, 2.x
- VMware / Telco Cloud Platform5.x, 4.x, 3.x, 2.x – 5.x, 4.x, 3.x, 2.x
- VMware / VMware Cloud Foundation5.x, 4.5.x – 5.x, 4.5.x
- VMware / Workstation17.x – 17.6.3