VMware Discloses Severe Hypervisor Flaws That Could Enable Host Escapes
- VMware disclosed severe flaws in its hypervisors for Workstation, Fusion, and ESXi that could allow privilege escalation and guest-to-host escapes.
- The flaws, rated 9.3 out of 10 in severity, allow code execution outside of the virtual machine.
- Virtual USB controllers are the source of the vulnerabilities. VMware recommends removing them, but admits this may not be feasible at scale.
- An additional vulnerability could allow sandbox escapes from the VMX process.
- Some flaws were discovered by researchers at China's Tianfu Cup Pwn Contest security competition.