VMware Patches Critical Flaws in ESXi, Workstation, Fusion Allowing Potential VM Escape
-
VMware released fixes for critical sandbox escape flaws in ESXi, Workstation, Fusion, and Cloud Foundation that could allow VM escape and host access.
-
The flaws (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) are use-after-free, out-of-bounds write, and information disclosure bugs.
-
The flaws impact ESXi, Workstation, and Fusion products, with CVSS scores from 7.1 to 9.3 (critical severity).
-
Workarounds involve removing USB controllers from VMs to mitigate some flaws.
-
Patches are available for newer and older ESXi, Workstation, and Fusion versions due to the flaws' severity.