May 14, 2024 at 09:48AM
VMware, owned by Broadcom, has issued a security advisory for Workstation and Fusion announcing patches for vulnerabilities exploited at the Pwn2Own hacking competition. Advisories are now available on Broadcom’s support website. The latest advisory details four vulnerabilities: three reported at Pwn2Own Vancouver 2024 and a fourth reported by a researcher outside the competition. The vulnerabilities allow arbitrary code execution and information disclosure.
VMware, now owned by Broadcom, has published a security advisory informing Workstation and Fusion customers of available patches for vulnerabilities that were exploited at the Pwn2Own hacking competition.
VMware security advisories are now published on Broadcom’s support website.
The latest advisory details four vulnerabilities, three of which were reported at the Pwn2Own Vancouver 2024 competition by Trend Micro’s Zero Day Initiative (ZDI). This includes a ‘critical’ vulnerability, CVE-2024-22267, in the vbluetooth component that allows a local attacker with administrative privileges on a virtual machine to execute arbitrary code on the host’s VMX process.
Another ‘high severity’ vulnerability, CVE-2024-22269, allows a local attacker to read privileged information from hypervisor memory. This was reported by the Theori team at Pwn2Own.
Furthermore, there is an information disclosure issue, CVE-2024-22270, related to the Host Guest File Sharing (HGFS) functionality, which can be exploited by a malicious actor with local administrative privileges on a VM to read privileged information from hypervisor memory.
The Theori team at Pwn2Own earned $130,000 for an exploit chain that allowed them to escape VMware Workstation and execute arbitrary code with System privileges on the host Windows operating system.
Additionally, the Star Labs SG team earned $30,000 for an exploit chain involving known VMware Workstation bugs.
Lastly, while the Star Labs team had a failed VMware ESXi hacking attempt at Pwn2Own, they are believed to have still provided valuable information to VMware.