Critical VMware Vulnerabilities in USB Controllers Allow Escape from Sandboxes, Affect Multiple Products
-
Critical VMware vulnerabilities allow escaping from sandboxes and hypervisors in multiple products including end-of-life ones.
-
The vulnerabilities affect ESXi, Workstation, Fusion, and Cloud Foundation.
-
The flaws undermine the core purpose of VMware products to isolate VMs from hosts.
-
Vulnerabilities are in the USB controller and lead to privilege escalation, code execution, and information disclosure.
-
Patches are available but workarounds like removing USB controllers have significant downsides.