CVE-2024-22273

HIGH8.1

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability

Published May 21, 2024

Modified 11 months ago

Details

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

References

WEB

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-22273

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMar 26, 2025